NIST AI RMF Checklist
Free 10-point self-assessment for the NIST AI Risk Management Framework (AI RMF 1.0). It covers the Govern, Map, Measure, and Manage functions, with a governance mapping for each item.
1. Leadership & Accountability
Defined AI governance roles and responsibilities
Have you assigned specific individuals or teams responsible for AI risk governance, with documented roles and decision-making authority?
Governance mapping: HUMMBL's governance bus captures who authorized each decision, creating an immutable audit trail of accountability.
Organizational risk tolerance documented
Have you documented your organization's risk tolerance for AI systems, including acceptable thresholds for bias, privacy, safety, and performance failures?
Governance mapping: HUMMBL's cost governor enforces budget ceilings as a concrete expression of risk tolerance.
2. Context & Risk Identification
AI system context documented
Have you documented the intended purpose, expected users, deployment environment, and intended benefits of each AI system?
Governance mapping: The delegation token system encodes scope and context directly into every authorization, preventing scope creep.
Stakeholders identified and engaged
Have you identified all stakeholders affected by the AI system (users, affected individuals, operators, regulators) and documented their concerns?
Governance mapping: The governance bus captures stakeholder intent through structured metadata on every bus message.
Risk categorization framework applied
Have you categorized AI risks by likelihood and impact, using a structured framework (e.g., NIST risk taxonomy or your organization's standard)?
Governance mapping: HUMMBL's kill switch uses 4 escalation modes (DISENGAGED → HALT_NONCRITICAL → HALT_ALL → EMERGENCY) as a graduated risk response.
3. Evaluation & Monitoring
Performance metrics defined and tracked
Have you defined quantitative metrics for AI system performance (accuracy, latency, fairness, robustness) and implemented continuous monitoring?
Governance mapping: The circuit breaker automatically trips when external adapter error rates exceed thresholds, providing automatic performance monitoring.
Bias and fairness assessments conducted
Have you assessed the AI system for demographic bias, fairness across subgroups, and disparate impact on protected classes?
Governance mapping: Regular bias audits should be logged as governance bus events with full provenance and results.
Human oversight mechanisms in place
Have you defined when and how humans review, override, or stop AI system outputs? Are there clear escalation paths for edge cases?
Governance mapping: HUMMBL's kill switch provides explicit human-in-the-loop control with file-system-persisted halt states that survive restarts.
4. Response & Improvement
Incident response plan for AI failures
Do you have a documented incident response plan specific to AI system failures, including containment, communication, and recovery procedures?
Governance mapping: The circuit breaker + kill switch chain provides automatic containment. The governance bus provides immutable incident logs.
Continuous improvement process established
Do you have a regular review cycle (e.g., quarterly) for reassessing AI risks, updating controls, and incorporating lessons learned?
Governance mapping: Governance bus logs enable longitudinal analysis of control effectiveness across review cycles.