IS Partners: NIST AI RMF 2025 Updates

web

A practitioner-oriented summary of NIST AI RMF 2025 updates, relevant for organizations implementing AI governance frameworks; less focused on technical AI safety research and more on compliance and risk management practice.

Metadata

Importance: 42/100 | blog post | news

Summary

This article summarizes the 2025 updates to the NIST AI Risk Management Framework (AI RMF), which expand guidance on AI governance to address generative AI risks, supply chain vulnerabilities, and evolving threat models. The updates aim to help organizations better manage AI-related risks through structured governance practices. It provides a practical overview for compliance and risk management professionals.

Key Points

  • NIST AI RMF 2025 updates expand coverage to address generative AI-specific risks and governance challenges.
  • New guidance emphasizes supply chain risk management for AI systems, including third-party model and data dependencies.
  • The framework updates incorporate evolving threat models relevant to modern AI deployments.
  • Updates aim to align AI risk governance with broader organizational risk management practices.
  • Practical for organizations seeking compliance with emerging AI governance standards and regulations.

Review

The NIST AI Risk Management Framework (AI RMF) is evolving to address the rapidly changing landscape of AI technologies and associated risks. The 2025 updates represent a significant expansion of the initial 2023 framework, introducing more nuanced approaches to AI governance, risk management, and compliance across various sectors. The updates focus on critical areas including expanded threat taxonomies for generative AI, improved integration with cybersecurity and privacy frameworks, and a more robust approach to third-party AI risk management. By introducing a maturity model and emphasizing continuous improvement, NIST is providing organizations with a more dynamic and adaptive framework for managing AI-related risks. The updates recognize the complex challenges posed by emerging AI technologies, particularly generative AI, and offer practical, actionable guidance for organizations seeking to implement responsible AI practices.

Cited by 1 page

Cached Content Preview

HTTP 200 | Fetched Apr 9, 2026 | 18 KB
NIST AI RMF 2025 Updates: What You Need to Know About the Latest Framework Changes

Written by John DeCesare

Published on November 11, 2025

... (truncated, 18 KB total)
Resource ID: 9cee6973d2600801 | Stable ID: sid_4bsNzxTtAx