Welcome to the draft NIST AI Risk Management Framework (AI RMF) Playbook – a companion resource for the AI RMF.
The Playbook suggests ways to navigate and use the AI Risk Management Framework (AI RMF) to incorporate trustworthiness considerations in the design, development, deployment, and use of AI systems.
• The current draft Playbook is based on AI RMF 1.0 (released on January 26, 2023) and includes suggested actionsSuggested Playbook actions are not intended to be comprehensive, but instead provide foundational perspectives on trustworthy and responsible AI concepts and practices to date. To remain non-prescriptive, suggestions are specific but not too granular., referencesSuggested references for additional reading are informational only and intended to serve as a sampling from the available literature on the given topic or subtopic area., and documentation guidanceGuidance for transparency efforts can be used by organizations to consider and document their AI risk management activities. to achieve the outcomes for the four functions in the AI RMF: Govern, Map, Measure, and Manage.
• Playbook suggestions are developed based on best practices and research insights.
Playbook content is not considered final and is being released to enable community review and feedback about its informativeness, accuracy, and specificity. Aspects related to the presentation and delivery of Playbook suggestions are under development. Future online versions may include options for filtering or tailoring information to user preferences and requirements.
The Playbook is an online resource and will be hosted temporarily on GitHub Pages. Its permanent home will be in the NIST Trustworthy and Responsible AI Resource Center.
The AI Risk Management Framework (AI RMF 1.0) and this companion Playbook are intended for voluntary use.
The content has been developed considering a range of applications and risk levels. Playbook users are expected to exercise discretion and utilize as many – or as few – suggestions as they believe are appropriate and apply to their use cases or interests. Certain elements of the guidance may not be applicable in various contexts, including in low-risk implementations.