IS Partners: NIST AI RMF 2025 Updates

The NIST AI Risk Management Framework (AI RMF) is evolving to address the rapidly changing landscape of AI technologies and associated risks. The 2025 updates represent a significant expansion of the initial 2023 framework, introducing more nuanced approaches to AI governance, risk management, and compliance across various sectors. The updates focus on critical areas including expanded threat taxonomies for generative AI, improved integration with cybersecurity and privacy frameworks, and a more robust approach to third-party AI risk management. By introducing a maturity model and emphasizing continuous improvement, NIST is providing organizations with a more dynamic and adaptive framework for managing AI-related risks. The guidance recognizes the complex challenges posed by emerging AI technologies, particularly generative AI, and seeks to provide practical, actionable guidance for organizations seeking to implement responsible AI practices.