Hootleash

NIST AI RMF 1.0 · AI 100-1 + AI 600-1

The four NIST functions, pre-implemented.

NIST AI RMF 1.0 is the gravitational centre of US AI governance - referenced by the CFPB, FDA, SEC, FTC, EEOC, and most sector regulators. Hootleash implements every category and subcategory out of the box, including the Generative AI Profile (AI 600-1).

Core functions

Govern · Map · Measure · Manage.

Govern

The cross-cutting function. Sets organisational culture, accountability, policy, and oversight that make the other three functions repeatable.

  • GOV-1 Policy & culture
  • GOV-2 Roles & responsibilities
  • GOV-3 Supplier oversight
  • GOV-4 Capabilities & training
  • GOV-5 Compliance
  • GOV-6 Lifecycle stewardship

Map

Establishes context. Identifies AI capabilities, lifecycle stage, intended use, third-party dependencies, and impacts.

  • MAP-1 Context
  • MAP-2 AI capability characterisation
  • MAP-3 Lifecycle stage
  • MAP-4 Impact characterisation
  • MAP-5 Third-party considerations

Measure

Analyses and tracks AI risk with quantitative and qualitative methods over time.

  • MEAS-1 Identify methods
  • MEAS-2 Evaluate
  • MEAS-3 Monitor performance
  • MEAS-4 Feedback & assessment

Manage

Allocates resources to treat risks, prioritises responses, documents residual risk, and communicates with stakeholders.

  • MAN-1 Risk treatment
  • MAN-2 Prioritisation
  • MAN-3 Incident response
  • MAN-4 Communication

Generative AI Profile · AI 600-1

GenAI risks NIST flagged. Controls Hootleash ships.

  • CBRN information misuse - content filters and tool boundaries enforced inline.
  • Confabulation - citation provenance and grounded-generation evidence captured per response.
  • Dangerous, violent, or hateful content - multi-tier safety filters plus reputational scoring.
  • Data privacy - inline PII / PHI minimisation and purpose-of-use checks.
  • Environmental impact - per-call compute accounting and aggregate carbon evidence.
  • Information integrity - watermarking, provenance manifests, and tamper-evident logs.
  • IP infringement - license-aware retrieval boundaries and audit-ready training data summaries.

Ready when you are

See your stack against the RMF crosswalk.

We're building Hootleash in private design partnership with a small number of regulated enterprises. If you run autonomous AI in production, get in touch.

Pre-launch · design partner program open · early access 2026