To properly assess an organization within its context, you need to determine the assessed organization's role relative to AI since its processes will vary depending upon that role and its AI application.

Select the vendor's primary role in the AI ecosystem. This determines which controls are applicable by default.

To properly assess an organization within its AI-technology context, you need to determine whether generative AI is within scope of the assessment. The NIST AI RMF Playbook recommends approximately 431 practices (tasks) supporting the 72 baseline subcategory control objectives and controls, and the NIST AI 600-1 Generative AI Profile adds 211 additional Suggested Actions across 49 of those 72.

Select the scope of your AI RMF assessment. This determines whether the AI 600-1 Generative AI Profile overlay is included.

This is a composite assessment family. Select which standard you would like to assess first. You can return to this picker at any time and assess additional family members.

Select one of the family members below to scope your assessment.

This assessment tool is provided by Certified Information Security for professional use. By proceeding, you acknowledge that: (1) this tool is proprietary and protected by copyright; (2) the assessment methodology, control mappings, and report format are the intellectual property of Certified Information Security; (3) you will not copy, modify, reverse-engineer, or redistribute this tool; (4) results are based on assessor judgment and do not constitute legal advice or regulatory certification; (5) Certified Information Security is not liable for decisions made based on assessment results.

Use at Your Own Risk; No Guarantees

This tool is provided for informational purposes only. By using this software, you acknowledge and agree that:

• No Warranty: The tool and its results are provided "as is" and "as available" without any warranty of accuracy, completeness, or reliability.
• Assumption of Risk: You assume all risks associated with the use of this tool, including any decisions made based on its output.
• No Professional Advice: The results generated do not constitute professional advice. You should consult with a qualified professional before taking action.
• Limitation of Liability: Certified Information Security shall not be liable for any direct, indirect, or consequential damages or losses resulting from your use of, or inability to use, this tool.

Other applicable terms and restrictions are available for review at Website Terms and Conditions of Use, Privacy Policy, and Copyright Statement.