Compliance
NIST AI Risk Management Framework with Prism
Each NIST AI RMF function has subcategories that demand evidence. Prism produces it: from MEASURE-2.7 trace logs to MANAGE-2.1 adversarial test results.
- Govern: documented AI program and inventory
- Map: per-system risk register and context
- Measure: continuous quality and safety metrics
- Manage: prioritized response with audit-grade evidence
About this framework
NIST AI 100-1, the Artificial Intelligence Risk Management Framework (AI RMF), is a voluntary framework published by the U.S. National Institute of Standards and Technology in January 2023. It defines four functions (Govern, Map, Measure, and Manage), each broken into subcategories. While voluntary at the federal level, NIST AI RMF is increasingly required in federal contracts and is the de facto baseline U.S. enterprises adopt for AI risk programs.
Who needs to comply
Industries this applies to
Federal contractors
Many federal AI contracts now require NIST AI RMF alignment.
Banking
Adopted as a baseline alongside SR 11-7 for AI-specific risks.
Insurance
Used as a complement to NAIC for non-state-specific AI risk.
Healthcare
Layered with HIPAA for AI-specific risk management.
Coverage
NIST AI RMF subcategories Prism directly evidences
MEASURE-2.7 (logging and metrics)
Prism captures every LLM call with model, latency, cost, quality score, and guardrail status. The logs are continuous and exportable.
MEASURE-2.6 (evaluation regimes)
Prism Evaluations score every trace across five dimensions: accuracy, relevance, tone, consistency, completeness.
MANAGE-2.1 (adversarial testing)
Prism Red Teaming runs curated jailbreak, prompt injection, and policy-bypass tests with severity tagging.
GOVERN-1.5 (system inventory)
Prism Projects organize models, datasets, and audit history per project for clean ownership.
MAP-5.1 (system context)
Prism Agent Trajectories record what the system actually does: tools called, reasoning, memory access.
GOVERN-3.2 (third-party AI)
Prism X Audit Events extends governance to consumer-AI tools used by employees.
Built for: Federal contractors and risk teams adopting NIST AI RMF voluntarily or under federal mandate