Q263 — NIST AI RMF — definition, example, and why it matters in RAIDT
RAIDT · Star S9 - Policy, Standards and Assurance · primary item: S9.03 · NIST AI RMF
H. Policy, Empirical & Adoption | Ordered by mind-map priority: inner circles first, then operational detail.
Appears in sources
workshop_dense_100#slide 86
Answer
The NIST AI Risk Management Framework (AI RMF 1.0, published as NIST AI 100-1) is a voluntary, risk-management-oriented framework that organises AI governance through four iterative functions: Govern, which runs across the whole lifecycle, and Map, Measure, and Manage. In the RAIDT papers, its significance lies not in legal compulsion but in practical influence. The papers note that the AI RMF and its Generative AI Profile (NIST AI 600-1) shape procurement, public-sector governance, assurance practice, and organisational risk management even where they are not mandatory. They also emphasise that the RMF expects structured documentation, review, operational controls, and evidence-bearing routines rather than reliance on principle statements alone.
Within RAIDT, the value of the NIST AI RMF is that it clarifies what good risk governance should do, while RAIDT clarifies what evidence should exist for one material use. RAIDT treats the run as the unit of governance and assesses it through five pillars: Responsibility, Auditability, Interpretability, Dependability, and Traceability. The organisation therefore does not stop at asserting that risk was mapped or managed; it produces a run-level evidence pack and a score profile showing whether that assertion is defensible for this run. Using the anchors 1 = missing, 3 = partial, and 5 = audit-ready on each pillar, RAIDT makes governance readiness comparable across workflows and reviewers. It also allows influence methods (prompting, retrieval, alignment controls, adapters) to be logged and evaluated as governance interventions, so that they are not hidden sources of risk. For RAIDT, then, the NIST AI RMF matters because it provides the risk architecture, while RAIDT makes that architecture inspectable, contestable, and operational at run level.
Practical example
In healthcare, a clinician uses generative AI to summarise a chest-pain consultation into symptoms, diagnosis, treatment, and red flags. The NIST AI RMF helps the organisation map the clinical context and safety risk, measure whether key warnings and uncertainty are preserved, manage the risk through conservative controls and escalation, and govern the workflow through clinical oversight. RAIDT turns that abstract cycle into a reviewable record by capturing a run-level evidence pack with the prompt constraints, model and version, output, and the human checks attached to the case.
The score profile then shows whether the run was actually governable. A low Responsibility or Dependability score would indicate that the summary cannot be relied upon without stronger safeguards. That is why the NIST AI RMF matters in RAIDT: the RMF defines the risk-management logic, but RAIDT supplies the concrete evidence needed to justify, review, or challenge a specific high-stakes use.
Sources in RAIDT papers
10-RAIDT_Policy_Pathways_M_V50
14-RAIDT-Policy-Motivation_M_v11
16-RAIDT-Audit-Accountability_M_v05