NIST AI RMF Compliance for AI Agents
Automatically map your agent's behavior to the NIST AI Risk Management Framework. Scan for governance gaps across GOVERN, MAP, MEASURE, and MANAGE functions.
The Four Functions of AI Risk Management
The NIST AI RMF organizes risk management into four core functions. Inkog maps your agent's behavior to each.
GOVERN
Accountability & Policies
- Accountability structures and defined roles
- Policies for AI system lifecycle management
- Organizational risk tolerance documentation
- Third-party risk management processes
Inkog checks: Missing human approval gates, undefined authorization, missing audit logging
MAP
Risk Identification & Context
- AI system context and intended purpose
- Risk identification and threat modeling
- Stakeholder impact assessment
- Data provenance and lineage tracking
Inkog checks: Data flow analysis, taint tracking, tool call enumeration, capability mapping
MEASURE
Metrics & Evaluation
- Quantifiable risk metrics and thresholds
- Testing and evaluation procedures
- Performance monitoring baselines
- Bias and fairness assessment
Inkog checks: Confidence-scored findings, severity classification, risk tier assignment
MANAGE
Mitigation & Monitoring
- Risk mitigation strategies and controls
- Continuous monitoring and incident response
- Escalation and override mechanisms
- Documentation and audit trails
Inkog checks: Remediation guidance, CI/CD integration, SARIF output for tracking
From Code to Governance Report
One command generates a governance report mapping your agent's behavior to NIST AI RMF functions.
Run the scan
Point Inkog at your agent code with the governance policy flag. No configuration needed.
Get your report
Receive a structured report mapping findings to GOVERN, MAP, MEASURE, and MANAGE functions.
Fix gaps
Address identified governance gaps with actionable suggestions. Re-scan to verify.
Frequently Asked Questions
What is the NIST AI Risk Management Framework?
The NIST AI RMF (AI 100-1) is a voluntary framework published by the National Institute of Standards and Technology to help organizations manage risks associated with AI systems. It defines four core functions — GOVERN, MAP, MEASURE, and MANAGE — that provide a structured approach to AI risk management throughout the system lifecycle.
Is NIST AI RMF compliance mandatory?
The framework is voluntary, but it is increasingly referenced in federal procurement requirements, enterprise vendor assessments, and industry standards. Executive Order 14110 on AI safety directs federal agencies to use NIST frameworks, making compliance effectively required for government contractors and their supply chains.
How does Inkog map to the NIST AI RMF?
Inkog's governance policy scans your agent code for controls that align with each RMF function. It checks for human oversight mechanisms (GOVERN), maps data flows and tool usage (MAP), provides confidence-scored findings with severity classification (MEASURE), and outputs actionable remediation guidance with CI/CD integration (MANAGE).
How does NIST AI RMF relate to the EU AI Act?
Both frameworks address AI risk management but from different angles. The EU AI Act is a binding regulation with specific compliance deadlines, while NIST AI RMF is a voluntary best-practice framework. Many organizations use both — NIST AI RMF provides the governance structure, and EU AI Act defines the legal requirements. Inkog supports both with dedicated policy presets.
Start your NIST AI RMF compliance audit
Free for developers. Results in 60 seconds.