NIST
National Institute of Standards and Technology · www.nist.gov/itl/ai-risk-management-framework
NIST publishes the foundational AI and software-security frameworks used worldwide. Its AI Risk Management Framework (AI RMF 1.0) manages AI risk across the lifecycle (Govern/Map/Measure/Manage), and its Secure Software Development Framework (SSDF, SP 800-218) defines secure-development practices (Prepare / Protect / Produce / Respond). Both are voluntary, and both are the basis for the packs below.
How the publications map to ponens policies
The NIST AI RMF is a lifecycle risk-management framework, not a runtime or conduct regime, so it brings a shape distinct from the financial-regulator packs: four functions — GOVERN (policies, accountability, culture), MAP (context, categorization, impacts), MEASURE (evaluate the seven trustworthiness characteristics), and MANAGE (prioritize, treat, respond, third-party). ponens turns each function's subcategories into policies over an AI system's lifecycle record: that risk policies and accountable roles exist, that context and impacts were mapped and the system categorized before deployment, that the trustworthiness characteristics were measured, and that risks are treated and incidents responded to.
The seven trustworthiness characteristics — valid & reliable, safe, secure & resilient, accountable & transparent, explainable & interpretable, privacy-enhanced, and fair (harmful bias managed) — land under MEASURE as the conditions a system must be evaluated against before deployment. Running the pack with ponens trace check aggregates to Green / Amber / Red: missing risk policies, no impact mapping, unmeasured safety/fairness, or an unhandled incident is Red; legal-requirement mapping, transparency/explainability measurement, ongoing tracking and third-party risk are Amber. The framework is voluntary, so this pack is a way to make AI-RMF adoption auditable rather than aspirational.
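As an added example (not ponens' own code), the following Python evaluates four of the AI RMF policies listed below over a constructed lifecycle trace and aggregates the result to Green / Amber / Red as described above. The operator semantics for G, P and F are an assumption, since the page does not define them.

```python
from collections import namedtuple
from typing import Callable, List, Set

Trace = List[Set[str]]               # one set of propositions per lifecycle step
Pred = Callable[[Trace, int], bool]  # evaluated at step i of a trace

# Assumed operator semantics (the page does not define them): G = at every step,
# P = held at the current or an earlier step, F = holds now or at a later step.
def atom(name: str) -> Pred:
    return lambda tr, i: name in tr[i]
def once(p: Pred) -> Pred:                   # P(p)
    return lambda tr, i: any(p(tr, j) for j in range(i + 1))
def eventually(p: Pred) -> Pred:             # F(p)
    return lambda tr, i: any(p(tr, j) for j in range(i, len(tr)))
def implies(a: Pred, b: Pred) -> Pred:
    return lambda tr, i: (not a(tr, i)) or b(tr, i)
def conj(a: Pred, b: Pred) -> Pred:
    return lambda tr, i: a(tr, i) and b(tr, i)
def disj(a: Pred, b: Pred) -> Pred:
    return lambda tr, i: a(tr, i) or b(tr, i)
def globally(p: Pred, tr: Trace) -> bool:    # G(p) over the whole trace
    return all(p(tr, i) for i in range(len(tr)))

# severity "error" fails to Red, "warning" fails to Amber (the page's aggregation rule)
Policy = namedtuple("Policy", "id severity formula")
# Four AI RMF policies from the pack below, transcribed into the combinators.
POLICIES = [
    Policy("rmf_govern_accountability_assigned", "error",
           implies(disj(atom("Deploy"), atom("Decision")), atom("accountable_role"))),
    Policy("rmf_govern_legal_requirements_mapped", "warning",
           implies(atom("Deploy"), once(atom("legal_requirements_mapped")))),
    Policy("rmf_govern_policies_in_place", "error",
           implies(disj(atom("Deploy"), atom("Decision")), once(atom("risk_policy_in_place")))),
    Policy("rmf_manage_incident_response", "error",
           implies(atom("Incident"), eventually(conj(atom("responded"), atom("recovered"))))),
]

def trace_check(policies: List[Policy], tr: Trace):
    """Return (Green/Amber/Red, ids of failed policies) for one lifecycle trace."""
    failed = [p for p in policies if not globally(p.formula, tr)]
    status = ("Red" if any(p.severity == "error" for p in failed)
              else "Amber" if failed else "Green")
    return status, [p.id for p in failed]
# Constructed sample trace: risk policy recorded before Deploy, the Incident is handled, legal requirements never mapped.
SAMPLE_TRACE: Trace = [
    {"risk_policy_in_place", "context_established"},
    {"Deploy", "accountable_role"},
    {"Incident"},
    {"responded", "recovered"},
]
```

`trace_check(POLICIES, SAMPLE_TRACE)` returns Amber with only the legal-requirements warning failed; truncating the trace before the recovery step turns the incident-response error into a Red.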
NIST AI Risk Management Framework
The NIST AI RMF 1.0 — GOVERN, MAP, MEASURE, MANAGE and the seven trustworthiness characteristics — as computable policies over an AI system's lifecycle record.
Maps the NIST AI Risk Management Framework (AI RMF 1.0) onto ponens policies. The four core functions become policy groups and the seven trustworthiness characteristics land under MEASURE, making voluntary AI-RMF adoption auditable: risk policies and accountability in place (GOVERN), context/categorization/impacts mapped (MAP), trustworthiness characteristics measured (MEASURE), and risks prioritized/treated with incident response (MANAGE).
Source: NIST AI 100-1, AI Risk Management Framework 1.0 (2023).
GOVERN: 3 policies

rmf_govern_accountability_assigned [error] NIST AI RMF: GOVERN — Accountability Assigned
Clear roles, responsibilities and lines of accountability for the AI system are established.
Formula: G((Deploy ∨ Decision) → accountable_role)

rmf_govern_legal_requirements_mapped [warning] NIST AI RMF: GOVERN — Legal Requirements Mapped
Applicable legal and regulatory requirements involving AI are understood and managed.
Formula: G(Deploy → P(legal_requirements_mapped))

rmf_govern_policies_in_place [error] NIST AI RMF: GOVERN — Risk Policies In Place
AI risk management policies and processes are in place and applied across the AI lifecycle.
Formula: G((Deploy ∨ Decision) → P(risk_policy_in_place))

MAP: 3 policies

rmf_map_context_established [error] NIST AI RMF: MAP — Context Established
The context — intended purpose, setting, and the AI system's role — is established and documented before deployment.
Formula: G(Deploy → P(context_established))

rmf_map_impacts_characterized [error] NIST AI RMF: MAP — Impacts Characterized
Potential impacts, benefits and risks to individuals, groups, communities and society are mapped.
Formula: G(Deploy → P(impacts_characterized))

rmf_map_system_categorized [error] NIST AI RMF: MAP — System Categorized
The AI system is categorized by its capabilities, intended use, and risk level.
Formula: G(Deploy → P(system_categorized))

MEASURE (Trustworthiness): 5 policies

rmf_measure_fairness_bias [error] NIST AI RMF: MEASURE — Fairness & Bias
The AI system is measured for fairness, with harmful bias identified and managed.
Formula: G(Deploy → P(fairness_measured ∧ bias_managed))

rmf_measure_ongoing_tracking [warning] NIST AI RMF: MEASURE — Ongoing Tracking
Mechanisms are in place to track identified AI risks and system performance over time.
Formula: G(Output → tracked)

rmf_measure_security_privacy [error] NIST AI RMF: MEASURE — Security & Privacy
The AI system is measured for the secure-&-resilient and privacy-enhanced characteristics.
Formula: G(Deploy → P(security_resilience_measured ∧ privacy_measured))

rmf_measure_transparency_explainability [warning] NIST AI RMF: MEASURE — Transparency & Explainability
The AI system is measured for the accountable-&-transparent and explainable-&-interpretable characteristics.
Formula: G(Deploy → P(transparency_measured ∧ explainability_measured))

rmf_measure_validity_safety [error] NIST AI RMF: MEASURE — Validity & Safety
The AI system is measured for the validity & reliability and safety trustworthiness characteristics before deployment.
Formula: G(Deploy → P(validity_reliability_measured ∧ safety_measured))

MANAGE: 4 policies

rmf_manage_incident_response [error] NIST AI RMF: MANAGE — Incident Response
AI incidents and negative impacts are responded to, recovered from, and communicated.
Formula: G(Incident → F(responded ∧ recovered))

rmf_manage_risk_treated [error] NIST AI RMF: MANAGE — Risk Treated
Each identified risk is treated — mitigated, transferred, avoided, or formally accepted.
Formula: G(identified_risk → P(risk_treated))

rmf_manage_risks_prioritized [error] NIST AI RMF: MANAGE — Risks Prioritized
AI risks are prioritized and acted upon based on assessment and impact.
Formula: G(Deploy → P(risks_prioritized))

rmf_manage_thirdparty_risks [warning] NIST AI RMF: MANAGE — Third-Party Risks
Risks from third-party AI resources (models, data, services) are identified and managed.
Formula: G(third_party_ai → P(thirdparty_risk_managed))

NIST SSDF (Secure Software Development)
The NIST SSDF (SP 800-218) secure-development practices — Prepare the Organization, Protect the Software (integrity/provenance), Produce Well-Secured Software, Respond to Vulnerabilities — as computable policies over a development/release trace.
Maps the NIST Secure Software Development Framework onto ponens policies. The four SSDF practice groups become policy groups: PO (security requirements, roles, secure toolchain), PS (release signing, provenance/SBOM, archival), PW (threat modeling, security review/analysis/testing, secure defaults, no open vulnerabilities at release), and RV (ongoing vulnerability analysis, assessment & remediation, root-cause analysis).
Source: NIST SP 800-218 SSDF v1.1.
PO — Prepare the Organization: 3 policies

ssdf_po_roles_defined [warning] NIST SSDF: PO — Roles & Responsibilities
Roles and responsibilities for the secure development process are defined (PO.2).
Formula: G(Release → P(security_roles_defined))

ssdf_po_security_requirements_defined [error] NIST SSDF: PO — Security Requirements Defined
Security requirements for the software and its development are defined (PO.1).
Formula: G(GitCommit → P(security_requirements_defined))

ssdf_po_toolchain_secured [warning] NIST SSDF: PO — Toolchain Secured
Supporting toolchains and development environments are configured to improve security (PO.3).
Formula: G(GitCommit → P(secure_toolchain))

PS — Protect the Software: 3 policies

ssdf_ps_provenance_recorded [error] NIST SSDF: PS — Provenance / SBOM Recorded
Provenance data (e.g. an SBOM) for each release is recorded (PS.3).
Formula: G(Release → P(provenance_recorded))

ssdf_ps_release_archived [warning] NIST SSDF: PS — Release Archived
Each release and its associated files are archived and protected (PS.1/PS.3).
Formula: G(Release → P(release_archived))

ssdf_ps_release_signed [error] NIST SSDF: PS — Release Integrity Protected
Each software release is integrity-protected (e.g. cryptographically signed) against tampering (PS.2).
Formula: G(Release → P(artifact_signed))

PW — Produce Well-Secured Software: 5 policies

ssdf_pw_no_open_vuln_at_release [error] NIST SSDF: PW — No Open Vulnerability at Release
No known unaddressed vulnerability remains open at release.
Formula: G(Release → ¬open_vulnerability)

ssdf_pw_secure_defaults [warning] NIST SSDF: PW — Secure Default Settings
Software is configured with secure default settings (PW.9).
Formula: G(Release → secure_defaults)

ssdf_pw_security_review [error] NIST SSDF: PW — Security Review / Analysis
Code is reviewed and/or analyzed for security before it is accepted (PW.7/PW.8).
Formula: G(GitCommit → P(security_review ∨ static_analysis))

ssdf_pw_security_tested [error] NIST SSDF: PW — Security Tested
Executable code is security-tested before release (PW.8).
Formula: G(Release → P(security_tested))

ssdf_pw_threat_modeled [error] NIST SSDF: PW — Threat Modeled
The design is reviewed against security requirements and threats (threat modeling) (PW.1/PW.2).
Formula: G(GitCommit → P(threat_modeled))

RV — Respond to Vulnerabilities: 3 policies

ssdf_rv_root_cause_analysis [warning] NIST SSDF: RV — Root-Cause Analysis
Root-cause analysis is performed to reduce the frequency of future vulnerabilities (RV.3).
Formula: G(Finding → F(root_cause_recorded))

ssdf_rv_vulnerability_analysis [warning] NIST SSDF: RV — Vulnerability Analysis
Releases are continuously analyzed to identify vulnerabilities (RV.1).
Formula: G(Release → P(vuln_analysis))

ssdf_rv_vulnerability_remediated [error] NIST SSDF: RV — Vulnerability Remediated
Each identified vulnerability is assessed and remediated or mitigated (RV.2).
Formula: G(Finding → assessed ∧ (remediated ∨ mitigated))