US federal AI risk framework

NIST AI RMF 1.0.
From principles to proof.

NIST AI RMF + SP 800-218 kit — £999 one-time + £199/mo monitoring (optional)

The NIST AI Risk Management Framework is the US standard for responsible AI. Our kit turns Govern, Map, Measure, and Manage into worksheets, metrics, and an auditor-ready attestation.

Why NIST AI RMF matters in 2026

US federal contractors are expected to align under EO 14110 and OMB M-24-10.
Enterprise buyers request NIST RMF alignment in security reviews.
Maps cleanly to ISO 42001, EU AI Act, and SOC 2.
SP 800-218 adds secure software development evidence for AI supply chains.

Book free readiness check Compare ISO 42001 See all protocols

Choose your tier

RMF Quick Start

£9one-time

Self-assessment against the 60 AI RMF outcomes.

Get £9 Quick Start

NIST AI RMF Kit

£999one-time

GOVERN/MAP/MEASURE/MANAGE worksheets, risk register, metrics dashboard, and one signed attestation.

Buy — £999

Audit-Prep Bundle

£4,950one-time

Kit + 2-day engagement + red-team exercise + 90-day support.

Buy Audit-Prep — £4,950

Enterprise

£1,499/month

Continuous risk measurement, quarterly workbook refresh, and unlimited attestations.

Talk sales — £1,499/mo

What's covered

GOVERN — AI risk culture

Board accountability, risk tolerance statements, roles and responsibilities, and integration with enterprise risk management and legal review.

MAP — context and risks

AI system categorisation, intended use, foreseeable misuse, stakeholder impact, and mapping of AI-specific risks to business processes.

MEASURE — quantified risk

Pre-deployment validation, ongoing monitoring metrics, bias tests, robustness checks, red-teaming results, and third-party evaluation evidence.

MANAGE — respond and recover

Risk response planning, incident response playbooks, human oversight procedures, and continuous improvement workflows.

Why this matters now

NIST AI RMF is the US government's flagship AI risk framework. Federal contractors and regulated industries are expected to align with it.

SP 800-218 adds secure software development practices. Together they cover both AI risk and software supply-chain security.

The framework is outcome-based, not prescriptive. Our worksheets turn the outcomes into actionable controls with evidence owners.

Mapping NIST AI RMF to ISO 42001 and EU AI Act creates a single governance narrative for global customers.

Frequently asked questions

What is the NIST AI RMF?

The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary framework for managing risks from AI systems. It is organised around four functions: Govern, Map, Measure, and Manage.

Is NIST AI RMF mandatory?

No, it is voluntary. However, US federal agencies and contractors are directed to align with it under Executive Order 14110 and OMB M-24-10. Many enterprise buyers also request NIST alignment.

How does it relate to NIST CSF and SP 800-218?

NIST CSF covers organisational cybersecurity. SP 800-218 covers secure software development. AI RMF covers AI-specific risks. The three frameworks complement each other and share common governance language.

What evidence does the kit produce?

Completed worksheets for each RMF function, risk registers, measurement results, test logs, incident response playbooks, and an Ed25519-signed attestation of alignment.

Can this replace an EU AI Act compliance programme?

No. NIST AI RMF is risk-management focused and voluntary. The EU AI Act is a legal obligation with specific conformity requirements. The two align well and can share evidence, but one does not substitute for the other.

Need a certifiable AI management system?

See the ISO 42001 AIMS kit →

MEOK AI Labs · CSOAI LTD · UK Companies House 16939677

CSOAI

Initializing...

NIST AI RMF 1.0.
From principles to proof.

NIST AI RMF + SP 800-218 kit — £999 one-time + £199/mo monitoring (optional)

The NIST AI Risk Management Framework is the US standard for responsible AI. Our kit turns Govern, Map, Measure, and Manage into worksheets, metrics, and an auditor-ready attestation.

Why NIST AI RMF matters in 2026

US federal contractors are expected to align under EO 14110 and OMB M-24-10.
Enterprise buyers request NIST RMF alignment in security reviews.
Maps cleanly to ISO 42001, EU AI Act, and SOC 2.
SP 800-218 adds secure software development evidence for AI supply chains.

Choose your tier

RMF Quick Start

£9one-time

Self-assessment against the 60 AI RMF outcomes.

Get £9 Quick Start

NIST AI RMF Kit

£999one-time

GOVERN/MAP/MEASURE/MANAGE worksheets, risk register, metrics dashboard, and one signed attestation.

Buy — £999

Audit-Prep Bundle

£4,950one-time

Kit + 2-day engagement + red-team exercise + 90-day support.

Buy Audit-Prep — £4,950

Enterprise

£1,499/month

Continuous risk measurement, quarterly workbook refresh, and unlimited attestations.

Talk sales — £1,499/mo

What's covered

GOVERN — AI risk culture

Board accountability, risk tolerance statements, roles and responsibilities, and integration with enterprise risk management and legal review.

MAP — context and risks

AI system categorisation, intended use, foreseeable misuse, stakeholder impact, and mapping of AI-specific risks to business processes.

MEASURE — quantified risk

Pre-deployment validation, ongoing monitoring metrics, bias tests, robustness checks, red-teaming results, and third-party evaluation evidence.

MANAGE — respond and recover

Risk response planning, incident response playbooks, human oversight procedures, and continuous improvement workflows.

Why this matters now

NIST AI RMF is the US government's flagship AI risk framework. Federal contractors and regulated industries are expected to align with it.

SP 800-218 adds secure software development practices. Together they cover both AI risk and software supply-chain security.

The framework is outcome-based, not prescriptive. Our worksheets turn the outcomes into actionable controls with evidence owners.

Mapping NIST AI RMF to ISO 42001 and EU AI Act creates a single governance narrative for global customers.

Frequently asked questions

What is the NIST AI RMF?

The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary framework for managing risks from AI systems. It is organised around four functions: Govern, Map, Measure, and Manage.

Is NIST AI RMF mandatory?

No, it is voluntary. However, US federal agencies and contractors are directed to align with it under Executive Order 14110 and OMB M-24-10. Many enterprise buyers also request NIST alignment.

How does it relate to NIST CSF and SP 800-218?

What evidence does the kit produce?

Completed worksheets for each RMF function, risk registers, measurement results, test logs, incident response playbooks, and an Ed25519-signed attestation of alignment.

Can this replace an EU AI Act compliance programme?

MEOK AI Labs · CSOAI LTD · UK Companies House 16939677

NIST AI RMF 1.0.From principles to proof.

Choose your tier

What's covered

Why this matters now

Frequently asked questions

NIST AI RMF 1.0.From principles to proof.

Choose your tier

What's covered

Why this matters now

Frequently asked questions

NIST AI RMF 1.0.
From principles to proof.

NIST AI RMF 1.0.
From principles to proof.