Version:
0.1.0-alphaMaturity:Docs-first starterBasis:NIST AI RMF 1.0 (NIST AI 100-1, January 2023)
ai-rmf-starter is a practical starter kit for teams who want to operationalize the NIST AI Risk Management Framework instead of only reading it.
This repo is designed to help a team:
- define AI governance and accountability
- document intended use and misuse cases
- map benefits, harms, and affected stakeholders
- create measurable trustworthiness checks
- maintain an AI risk register and response plan
- produce current and target AI RMF profiles
- adapt sample machine-readable governance artifacts
The first worked example in this repo is based on state-policy-rag-starter, a public-sector-oriented RAG system for policy-grounded answers.
This is a strong next step after state-policy-rag-starter.
Why it fits well:
state-policy-rag-startershows how to build and run an AI systemai-rmf-startershows how to govern, assess, and monitor that system- together they form a better story for public sector, enterprise, and regulated environments
state-policy-rag-starterTechnical starter for a public-sector-oriented policy RAG system.state-policy-rag-uiCross-platform UI client for the policy RAG stack.
This starter is organized around the four NIST AI RMF core functions:
GovernMapMeasureManage
It also accounts for the trustworthiness characteristics emphasized in NIST AI RMF 1.0:
- valid and reliable
- safe
- secure and resilient
- accountable and transparent
- explainable and interpretable
- privacy-enhanced
- fair, with harmful bias managed
- docs/FRAMEWORK_OVERVIEW.md Short explanation of the RMF and how this repo uses it.
- docs/IMPLEMENTATION_GUIDE.md A practical rollout guide for a team adopting this framework.
- docs/NIST_ALIGNMENT.md A lightweight mapping from this repo to NIST AI RMF 1.0.
- templates/system-intake.md Intake template for a new AI system.
- templates/current-profile.md Current-state AI RMF profile template.
- templates/target-profile.md Target-state AI RMF profile template.
- templates/risk-register.csv Starter risk register.
- templates/governance-checklist.md Governance and accountability checklist.
- templates/measurement-plan.md TEVV and trustworthiness measurement template.
- templates/incident-response-playbook.md Response and recovery template for AI incidents.
- examples/state-policy-rag-profile.md
Stronger worked example using the
state-policy-rag-starterproject as the system in scope. - examples/code/README.md Lightweight machine-readable examples for launch gates, profiles, and risk tracking.
If you are new to AI governance, use this order:
- Read docs/FRAMEWORK_OVERVIEW.md.
- Copy templates/system-intake.md for your project.
- Fill out templates/current-profile.md with what exists today.
- Fill out templates/target-profile.md with what you want before production.
- Start your risk register from templates/risk-register.csv.
- Use templates/measurement-plan.md to define how you will test trustworthiness claims.
This repo is especially useful for:
- RAG assistants for internal policy or knowledge retrieval
- public sector AI pilots
- procurement and architecture review packages
- internal AI review boards
- AI systems that need auditability and human oversight
This repo is still intentionally lightweight, but it now includes a small examples/code/ area for teams who want starter artifacts they can adapt into internal tools, CI checks, or governance workflows.
Examples include:
- a sample launch-gates YAML file
- a sample current-profile YAML file
- a sample risk-register JSON file
- This repo is not a certification program.
- This repo does not replace legal, privacy, security, or procurement review.
- This repo summarizes and operationalizes the NIST framework; it does not reproduce the full publication.
Primary source used for this starter:
- NIST AI 100-1, Artificial Intelligence Risk Management Framework (AI RMF 1.0), January 2023
- DOI: https://doi.org/10.6028/NIST.AI.100-1
Local source file used during creation: