§31 · Lane 7 — Australian Regulatory Primary Instruments
NIST AI Risk Management Framework 1.0
NIST (2023) · NIST AI RMF 1.0
Bibliographic data
- Title
- NIST AI Risk Management Framework 1.0 (January 2023)
- Authors / Issuing body
- National Institute of Standards and Technology (NIST), U.S. Department of Commerce
- Venue / Publisher
- U.S. Department of Commerce, NIST
- Year
- 2023
- Designation
- Standard
- Licence
- Stable URL — refer to publisher for full licence terms.
- Canonical link
- https://www.nist.gov/itl/ai-risk-management-framework
How to cite
NIST (2023). NIST AI Risk Management Framework 1.0 (January 2023). U.S. Department of Commerce, NIST. https://www.nist.gov/itl/ai-risk-management-framework.
The US national voluntary framework for managing AI risk. Organised around four core functions — Govern, Map, Measure, and Manage — applied across the AI lifecycle. The most operationally detailed international AI risk framework outside the ISO/IEC stack; already cross-walked from ISO/IEC 42001 NETEVO application notes in §10's catalogue.
Why it matters for NETEVO
NIST AI RMF is the international comparator the catalogue most frequently cross-walks to. Three operational consequences follow.
First, the four NIST functions (Govern, Map, Measure, Manage) map cleanly onto ISO/IEC 42001 (§9) clauses 4-10 Harmonized Structure. Drafters can present NETEVO controls as satisfying NIST and 42001 simultaneously through a single matrix.
Second, NIST is the international anchor that US-headquartered NETEVO clients (and AU subsidiaries of US groups) read by default. Where §27 (NSW AIAF) anchors NSW Government supply chains and §29 (Voluntary AI Safety Standard) anchors AU national positioning, NIST anchors US-aligned multinational positioning. The cross-walk to AU instruments is the NETEVO-specific contribution.
Third, NIST RMF 1.0 is paired with §32 (NIST AI 600-1 GenAI Profile) for the generative-AI overlay. The two together cover both the general framework and the AI-specific operational extension.
Per the Lane 7 binding constraint, this entry is framed as a cross-jurisdictional benchmark — not an implied obligation on AU entities. Cite NIST when the audience or supply-chain reach makes it useful; do not present NIST as the AU regulatory anchor.
Where NETEVO applies this
- AI Governance in ANZ Whitepaper — international comparator section