
Turn the NIST AI RMF into a control on every request.

The NIST AI RMF is the trust standard for AI in enterprise and government, and buyers now ask for it by name. AegisPlane turns its 4 functions into live checks on your traffic. Every decision becomes evidence for your risk program.

No code changes. Live on your traffic in a day.

  • 4 core functions
  • Voluntary, but widely required
  • 0 code changes
  • 12 frameworks & standards checked
  • 11 LLM providers, one gateway
  • Article-level policy engine (OPA)
  • Every request logged as evidence

One control sits in front of every model your teams already call, checking each request against the standards your auditors recognize.

The framework

What is the NIST AI RMF?

AI risk that lives in a slide deck is not managed. The NIST AI RMF (version 1.0) is the voluntary framework that fixes that, built around four functions: Govern, Map, Measure, and Manage. U.S. federal agencies and enterprise buyers increasingly require it, so alignment is worth proving.

  • Govern: establish the culture, roles, and accountability for AI risk.
  • Map: understand the context and identify risks of each AI system.
  • Measure: assess, benchmark, and monitor those risks over time.
  • Manage: prioritize and respond to risks with documented actions.

What it requires

The characteristics of trustworthy AI

The RMF defines what trustworthy means. AegisPlane produces evidence against each characteristic on live traffic.

1. Valid and reliable

The system performs as intended. AegisPlane tracks quality and drift on every response, so degradation is caught, not assumed away.

2. Safe and secure

Unsafe outputs are contained. Two-sided guardrails block unsafe requests and responses before they reach a user.

3. Accountable and transparent

Decisions are attributable. Every policy decision is logged with what was checked and which control applied.

4. Privacy-enhanced and fair

Personal data is protected and its use documented. PII is redacted in flight and each interaction is recorded as evidence.

See it work

One request, checked in real time

Here is one interaction. AegisPlane classifies the request, checks it against the framework, blocks what it must, and logs the decision as evidence. It happens in milliseconds, on live traffic.

Business value

  • Continuous, traceable AI risk management.
  • Higher AI governance maturity, proven with records.
  • Faster enterprise and public-sector procurement.

In the AI Control Plane

How AegisPlane operationalizes the NIST AI RMF

AegisPlane maps the four RMF functions to real runtime controls in the AI Control Plane. Governance stops living in a spreadsheet. It starts producing continuous, traceable records.

01. Govern in config-as-code

You encode ownership, policy, and accountability as versioned config. AegisPlane compiles it into a signed bundle: an auditable record of who governs what.

02. Map at the gateway

Every request is classified by intended purpose and context. Risk is mapped per interaction, not once a quarter.

03. Measure continuously

OpenTelemetry captures cost, latency, and quality on every call. Drift and burn-rate alerts keep measurement ongoing, not a one-off assessment.

04. Manage with evidence

Policy decisions and risk responses are logged against the function they support. Your risk program gets a defensible paper trail.

FAQ

Frequently asked questions

The framework is voluntary. But U.S. federal agencies and enterprise buyers increasingly require it in questionnaires and contracts, so demonstrable alignment wins deals.

AegisPlane tags each control and log entry with the function it supports. Config ownership maps to Govern, request classification to Map, telemetry to Measure, and policy responses to Manage.

No. It supplies the continuous runtime evidence your program needs. The framework, roles, and decisions stay yours.

Yes. Frameworks are independent packs. Turn on NIST AI RMF and the EU AI Act together, and each request is checked against both.

Per-interaction risk classification, quality and cost telemetry, drift alerts, and logged policy decisions. All of it exports.

Why now

Continuous checks and evidence, not a stale annual assessment

RMF alignment now shows up as a line item in enterprise RFPs. Every selected framework is checked on live AI traffic and the decision is logged as evidence, so audit prep stops being a fire drill. No code changes.