Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST AI Risk Management Framework (AI RMF)

NIST AI Risk Management Framework (AI RMF)

The Artificial Intelligence Risk Management Framework (AI RMF) is designed in collaboration with private and public sectors. It is a practical guide to enable individuals and organizations to manage risks posed by generative AI in a way that aligns with their goals and objectives. 

NIST AI RMF is a voluntary framework developed to help users ensure transparency and trustworthiness into the end to end process of AI usage that includes its designing, developing, and evaluation. It aims to facilitate the use of AI in a way that emphasizes human centricity, social responsibility, and sustainability. 

The framework covers these areas:

  1. Framing risk: Understanding and addressing the impacts, challenges, and harms caused by risks.
  2. Audience: Involves the perspectives and impacts from a broad perspective of actors throughout its lifecycle. 
  3. AI risks and trustworthiness: Ensure that AI systems are trustworthy by being responsive to all interested parties.
  4. Effectiveness: Describes how users can benefit from the framework.
  5. RMF core: Outlines the actions and outcomes to promote the collaboration, understanding, and other activities that help to develop trustworthy AI systems though these functions – govern, map, measure, and manage. 
  6. Profiles: These are implementation of functions, categories, and subcategories for applications based on the specific requirement, risk tolerance level, and resources of the user.

Additional reading

GRC Business Resilience: The Key to Future-Ready Enterprises

TL,DR: GRC business resilience connects governance, risk, and compliance to continuity planning. It helps CISOs, auditors, risk teams, and executives respond under disruption without losing control. The article explains resilience strategy, threat awareness, policy enforcement, and regulatory continuity. Disruptions never inform or send an RSVP; they break in. Disruptions, from geopolitical issues to cyberattacks and…

12 Best Healthcare GRC software in 2026

The healthcare industry has seen a surge in cyber incidents with over 700 data breaches disclosed publicly in 2022. This pattern is steadily rising since 2019. These breaches have underscored the urgent need for a strong governance, risk, and compliance measures across all organizations, especially the highly regulated ones.  Healthcare GRC software has emerged as…

GRC Integrated Risk Management: Bridging Compliance and Strategic Risk

TL,DR: GRC integrated risk management combines compliance discipline with enterprise-wide risk visibility. It aligns risk work with business decisions instead of treating compliance as the endpoint. The article covers GRC versus IRM, shared data, monitoring, cross-team ownership, and early issue detection. GRC is a long-established discipline that has shaped how organizations set policies, measure risk,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.