Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has officially released version 2.0 of its AI Risk Management Framework (AI RMF). This major update introduces more stringent and actionable guidelines for organizations developing and deploying AI systems, particularly those used in critical infrastructure. Key changes include a new requirement for continuous, automated auditing of model behavior and a mandate for regular, independent red teaming to proactively identify vulnerabilities like bias, evasion, and potential for misuse. The framework also expands guidance on AI supply chain security, calling for the use of AI Bills of Materials (AIBOMs) to ensure transparency in data sources and model components. While adoption of the framework remains voluntary for most private sector companies, federal agencies are now required to comply, and it is expected to become the de facto standard for the industry.