§31 · Lane 7 — Australian Regulatory Primary Instruments
NIST AI Risk Management Framework 1.0 cross-jurisdictional benchmark for AI risk management
NIST (2023) · NIST AI RMF 1.0
Bibliographic data
- Title
- NIST AI Risk Management Framework 1.0 (January 2023)
- Authors / Issuing body
- National Institute of Standards and Technology (NIST), U.S. Department of Commerce
- Venue / Publisher
- U.S. Department of Commerce, NIST
- Year
- 2023
- Designation
- Standard
- Licence
- Stable URL — refer to publisher for full licence terms.
- Canonical link
- https://www.nist.gov/itl/ai-risk-management-framework
How to cite
NIST (2023). NIST AI Risk Management Framework 1.0 (January 2023). U.S. Department of Commerce, NIST. https://www.nist.gov/itl/ai-risk-management-framework.
The US national voluntary framework for managing AI risk. Organised around four core functions — Govern, Map, Measure, and Manage — applied across the AI lifecycle. The most operationally detailed international AI risk framework outside the ISO/IEC stack; its four functions map cleanly onto ISO/IEC 42001.
Why it matters for NETEVO
NIST AI RMF is the principal international comparator for AI governance work that spans US and Australian settings. Three operational consequences follow.
First, the four NIST functions (Govern, Map, Measure, Manage) map cleanly onto the Harmonized Structure of ISO/IEC 42001 clauses 4-10. A single mapping matrix can therefore demonstrate that one engineered control set satisfies NIST and 42001 simultaneously, rather than maintaining two parallel governance documents.
Second, NIST AI RMF is the default reference framework for US-headquartered organisations and for the Australian subsidiaries of US parents. For a multinational organisation operating in Australia, the practical work is the cross-walk: carrying one control set across NIST AI RMF, ISO/IEC 42001, and the applicable Australian instruments.
Third, NIST RMF 1.0 is paired with the NIST AI 600-1 GenAI Profile, which overlays generative-AI-specific risks onto the core framework. The two together cover both the general framework and the generative-AI operational extension.
The framework is voluntary and national to the United States. It is a cross-jurisdictional benchmark, not an implied obligation on Australian entities, and it is not the Australian regulatory anchor; its relevance in Australia turns on group structure and supply-chain reach.
Where NETEVO applies this
- AI Governance in ANZ Whitepaper — international comparator section