Applying the NIST Risk Management Framework to Emerging Technologies

Описание: Victoria Yan Pillitteri, Manager of the Security Engineering and Risk Management Group at NIST, explains how the NIST Risk Management Framework (RMF) provides a technology-agnostic process for managing cybersecurity risks across both government and private sector organizations. She stresses that RMF is not a checklist but a flexible methodology tailored to each organization’s needs. Public feedback plays a key role in refining security and privacy controls, with NIST accepting comments year-round. Looking ahead, Pillitteri outlines plans to develop security control overlays for different AI use cases—predictive, generative, and agentic—leveraging existing standards and building a community of interest to address unique AI risks.
Key Takeaways:

NIST’s RMF is a flexible, technology-agnostic process for risk management.

Public feedback is essential to improving security and privacy controls.

Upcoming AI-specific overlays will address diverse AI system security needs.