Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has released version 2.0 of its AI Risk Management Framework (AI RMF), introducing significant updates for organizations developing and deploying AI systems. Key changes include a new mandate for continuous, independent red teaming for high-risk AI applications, such as those in critical infrastructure and healthcare. Furthermore, the framework now requires developers to maintain and publish detailed data provenance and model training logs to enhance transparency and traceability. This 'AI Bill of Materials' is aimed at helping downstream users better understand model limitations and potential biases. While the framework remains voluntary for most industries, federal agencies and their contractors will be required to comply within the next fiscal year, setting a new de facto standard for responsible AI development and security assurance in the United States.