Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has officially released version 2.0 of its AI Risk Management Framework (AI RMF 2.0). In a significant policy shift from its predecessor's voluntary guidelines, the new framework introduces mandatory, auditable security controls for organizations developing or deploying what it defines as 'high-impact' AI systems. These systems include those used in critical infrastructure, autonomous vehicles, financial trading, and medical diagnostics. The framework mandates specific practices for data provenance, continuous adversarial testing, model bill of materials (MBOM), and formal red-teaming with public disclosure requirements. Non-compliance could result in federal agencies being barred from procuring the software. This move signals a more assertive regulatory stance from the U.S. government on AI safety and security, forcing companies in high-stakes sectors to integrate security as a core, verifiable component of the AI lifecycle rather than an afterthought. The industry has 18 months to prepare for the first compliance audits.