NIST AI RMF
The voluntary federal framework for managing AI risk, and how VIDIZMO’s practices map to it.
What It Is
The NIST AI Risk Management Framework (AI RMF) is a voluntary framework published by the National Institute of Standards and Technology to help organizations manage risks from artificial intelligence throughout its lifecycle. It is not a certification: there is no audit or attestation to hold, only a structure to align practices against.
The Seven Characteristics of Trustworthy AI
NIST AI RMF defines trustworthy AI by seven characteristics. Here is what each means, and where VIDIZMO has concrete evidence behind it today:
- Valid and reliable: the system performs as intended, consistently, across the conditions it is meant to operate in.
- Safe: the system does not endanger human life, health, property, or the environment.
- Secure and resilient: the system withstands adverse events and keeps operating. VIDIZMO backs this with platform-wide encryption, access control, and incident response, the same practices covered elsewhere in this Trust Center.
- Accountable and transparent: the organization behind the system is answerable for how it is built and used. VIDIZMO’s published Responsible AI Policy and model inventory, the “bill of models,” provide that visibility.
- Explainable and interpretable: outputs can be understood in the context of the system’s design and intended use.
- Privacy-enhanced: the system respects how data is collected, used, and retained. VIDIZMO does not train models on customer data without explicit written authorization.
- Fair, with harmful bias managed: the system avoids unjust or systematically unfavorable treatment of individuals or groups.
What NIST AI RMF Majorly Requires, and How VIDIZMO Supports It
NIST AI RMF is organized around four functions, each broken into more specific categories. They are meant to work together on an ongoing basis, not as a one-time checklist:
- Govern: builds a culture of AI risk management across the organization, and cuts across the other three functions rather than sitting apart from them.
- Policies, processes, and practices for AI use, and how transparently they are enforced
- Accountability structures: defined roles, responsibilities, and reporting lines for AI decisions
- Documented organizational risk tolerance for AI use
- Workforce culture: diversity, equity, and risk-awareness across the teams building and operating AI
- Processes for managing third-party and supply chain AI risk
- Map: establishes the context for a specific AI system before it is assessed further.
- The context: what the system is intended to do, and the business purpose behind it
- Who uses the system and how, including the specific use case it is deployed for
- What could realistically go wrong for the people affected by that use case
- Measure: analyzes and monitors AI risk on an ongoing basis, not just at launch.
- Quantitative methods: measurable metrics tested against defined risk thresholds
- Qualitative methods: structured review and expert judgment where behavior is not easily reduced to a number
- Tracking identified risks over time, not just at a single point of testing
- Manage: allocates resources to the risks identified through Map and Measure.
- Deciding whether to mitigate, transfer, avoid, or accept each identified risk
- Planning and implementing responses that maximize benefit and minimize harm
- Monitoring risk treatments after deployment, not only before launch
Scope & Limitations
NIST AI RMF is voluntary: there is no certification or independent audit to hold against it. What is described above is how VIDIZMO's existing practices map to the framework's structure, not a formal attestation. VIDIZMO's documented evidence maps most directly to the secure and resilient, accountable and transparent, and privacy-enhanced characteristics.