NIST AI Risk Management Framework Crosswalk
This document maps the FSI Agent Governance Framework controls to the NIST AI Risk Management Framework (AI RMF 1.0, published as NIST AI 100-1). Financial services stakeholders have expressed support for voluntary NIST AI RMF adoption, and the U.S. Treasury has committed to working with financial regulators to clarify the AI RMF's applicability to the sector and to develop financial sector-specific guidance (Treasury, Artificial Intelligence in Financial Services, December 2024).
Overview
The NIST AI RMF provides a structured approach to managing AI risks through four core functions:
| Function | Purpose | FSI Framework Alignment |
|---|---|---|
| GOVERN | Establish AI governance structures and policies | Pillar 2 (Management), Framework Layer |
| MAP | Identify and categorize AI systems and risks | Pillar 3 (Reporting), Zone Classification |
| MEASURE | Assess and analyze AI risks | Pillar 1 (Security), Pillar 2 (Testing) |
| MANAGE | Prioritize and treat AI risks | All Pillars, Playbooks Layer |
GOVERN Function Mapping
Cultivate and implement a culture of risk management within organizations designing, developing, deploying, evaluating, or acquiring AI systems.
GOVERN 1: Policies, processes, procedures, and practices across the organization
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| GOVERN 1.1: Legal/regulatory requirements identified | 2.12, 3.3 | Full |
| GOVERN 1.2: Processes to assess compliance | 2.6, 2.12 | Full |
| GOVERN 1.3: Processes for oversight of third-party AI | 2.7 | Full |
| GOVERN 1.4: Risk management integrated with enterprise | Framework Layer, 2.6 | Full |
| GOVERN 1.5: Ongoing monitoring processes established | 3.2, 3.4 | Full |
| GOVERN 1.6: Mechanisms for inventory of AI systems | 3.1 | Full |
| GOVERN 1.7: Processes for decommissioning AI systems | Agent Decommissioning Playbook | Full |
GOVERN 2: Accountability structures established
GOVERN 3: Workforce diversity and AI literacy
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| GOVERN 3.1: Decision-making informed by diverse team | 2.12, RACI | Partial |
| GOVERN 3.2: AI literacy appropriate to roles | 2.14 | Full |
GOVERN 4: Organizational culture of AI risk awareness
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| GOVERN 4.1: Risk culture embedded in organization | Framework Layer, Adoption Roadmap | Full |
| GOVERN 4.2: Feedback mechanisms for AI concerns | 3.10, 3.4 | Full |
| GOVERN 4.3: Risk management activities documented | 2.13 | Full |
GOVERN 5: Legal and regulatory requirements
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| GOVERN 5.1: Legal compliance integrated | Regulatory Framework, Regulatory Mappings | Full |
| GOVERN 5.2: Ongoing monitoring of legal landscape | Governance Cadence, Compliance Reporting | Full |
GOVERN 6: External stakeholder risk management
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| GOVERN 6.1: Policies for AI-related external risks | 2.7, 1.4 | Full |
| GOVERN 6.2: Processes for third-party due diligence | 2.7 | Full |
MAP Function Mapping
Establish context to frame risks related to an AI system.
MAP 1: Context established and documented
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MAP 1.1: Intended purpose documented | 3.1, Agent Inventory Entry | Full |
| MAP 1.2: Interdependencies identified | 2.17, Related Controls sections | Full |
| MAP 1.3: Technical specifications documented | Agent metadata, Control documentation | Full |
| MAP 1.4: Deployment context documented | Zones and Tiers, Per-Agent Data Policy | Full |
| MAP 1.5: Expected benefits and costs articulated | 3.5, Business justification | Full |
| MAP 1.6: Scientific and technical limits known | 3.10, Model documentation | Full |
MAP 2: AI system categorized
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MAP 2.1: AI system risk categorized | Zones and Tiers, Zone 1/2/3 classification | Full |
| MAP 2.2: Risk tolerance established | Zone requirements, 2.6 | Full |
| MAP 2.3: Specific risks identified | AI Risk Assessment Template | Full |
MAP 3: AI capabilities, targeted usage, and potential misuse documented
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MAP 3.1: Expected and potential uses documented | Agent Inventory Entry, Per-Agent Data Policy | Full |
| MAP 3.2: Potential misuse identified | 1.8, 2.20 | Full |
| MAP 3.3: Trustworthiness requirements identified | Zone requirements, 2.6 | Full |
MAP 4: Risks associated with third-party entities identified
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MAP 4.1: Third-party components inventoried | 2.7, Connector inventory | Full |
| MAP 4.2: Third-party risks assessed | 2.7 | Full |
MAP 5: Impacts characterized
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MAP 5.1: Benefits and harms to individuals characterized | 2.11, 2.19 | Full |
| MAP 5.2: Environmental impact considered | Out of scope (not primary FSI concern) | N/A |
MEASURE Function Mapping
Employ quantitative, qualitative, or mixed-method tools, techniques, and methodologies to analyze, assess, benchmark, and monitor AI risk.
MEASURE 1: Appropriate methods and metrics identified
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MEASURE 1.1: Approaches for measurement identified | 2.5, 2.6 | Full |
| MEASURE 1.2: Metrics appropriate to risk | 3.2, 3.10 | Full |
| MEASURE 1.3: Internal/external evaluations conducted | 2.5, 2.20 | Full |
MEASURE 2: AI systems evaluated for trustworthiness
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MEASURE 2.1: Tested against trustworthiness characteristics | 2.5, 2.6 | Full |
| MEASURE 2.2: Safety evaluated | 1.8, 2.20 | Full |
| MEASURE 2.3: Security and resilience evaluated | 1.8, Pillar 1 Security | Full |
| MEASURE 2.4: Explainability evaluated | Zone 1 Explainability | Partial |
| MEASURE 2.5: Privacy evaluated | 1.5, 1.6, 1.14 | Full |
| MEASURE 2.6: Fairness evaluated | 2.11 | Full |
| MEASURE 2.7: Human-AI interaction evaluated | Human-in-the-Loop, 2.12 | Full |
| MEASURE 2.8: Transparency claims verified | 2.19, 2.21 | Full |
| MEASURE 2.9: Environmental impact evaluated | Out of scope (not primary FSI concern) | N/A |
| MEASURE 2.10: Validity and reliability evaluated | 2.5, 2.6 | Full |
| MEASURE 2.11: Third-party evaluated | 2.7 | Full |
MEASURE 3: Mechanisms for tracking identified AI risks
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MEASURE 3.1: Risks tracked over time | 3.4, AI Risk Assessment Template | Full |
| MEASURE 3.2: Feedback mechanisms implemented | 3.10 | Full |
| MEASURE 3.3: Risk assessment updates documented | 3.3, Quarterly reviews | Full |
MEASURE 4: Measurement feedback incorporated
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MEASURE 4.1: Feedback integrated into system improvements | 3.10, 2.3 | Full |
| MEASURE 4.2: Measurement approaches reviewed | Governance Cadence, Quarterly assessments | Full |
MANAGE Function Mapping
Allocate risk resources to mapped and measured risks on a regular basis and as defined by the GOVERN function.
MANAGE 1: AI risks based on assessments and priorities treated
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MANAGE 1.1: Prioritized risks addressed | Zone classification, AI Risk Assessment | Full |
| MANAGE 1.2: Treatment plans implemented | Remediation Tracking, Control implementation | Full |
| MANAGE 1.3: Risk tolerance thresholds acted upon | Zone escalation, 3.4 | Full |
| MANAGE 1.4: Negative impacts minimized | Runtime protection, DLP, Access controls | Full |
MANAGE 2: Strategies to maximize benefits and minimize harms
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MANAGE 2.1: Resources allocated to manage risks | Governance Cadence, RACI assignments | Full |
| MANAGE 2.2: Benefit/harm considerations in deployment | Zone classification, Per-Agent Data Policy | Full |
| MANAGE 2.3: Decisions documented | 2.13, Decision logs | Full |
| MANAGE 2.4: Mechanisms for appeal or recourse | Human-in-the-Loop, Escalation matrix | Full |
MANAGE 3: AI risks managed throughout lifecycle
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MANAGE 3.1: Pre-deployment risk management | 2.5, Agent Promotion Checklist | Full |
| MANAGE 3.2: Post-deployment monitoring | 3.2, 3.10 | Full |
MANAGE 4: Risk treatments monitored and response actions taken
| NIST AI RMF Category | FSI Controls | Coverage |
|---|---|---|
| MANAGE 4.1: Post-deployment monitoring implemented | 3.2, 1.7 | Full |
| MANAGE 4.2: Mechanisms to capture emergent risks | 3.4, 3.10 | Full |
| MANAGE 4.3: Incident response mechanisms in place | AI Incident Response Playbook | Full |
Coverage Summary
Methodology
This crosswalk maps FSI Agent Governance Framework controls to the NIST AI RMF 1.0 subcategories. The official NIST AI RMF 1.0 (NIST AI 100-1) defines 72 subcategories across the four functions (GOVERN 19, MAP 18, MEASURE 22, MANAGE 13). This crosswalk addresses the 67 subcategories most relevant to Microsoft 365 AI agent governance in financial services, and the summary table below counts only those. Two caveats apply before the tables are quoted to an examiner. First, the subcategory names used in the mapping tables are the framework's own short labels, not the official NIST subcategory text, and in several places the numbering does not line up with NIST AI 100-1: for example, NIST places environmental impact only at MEASURE 2.12, MEASURE 2.9 concerns model explanation and interpretation of system output, and MAP 5.2 concerns engagement with relevant AI actors and integration of their feedback on impacts. Verify each identifier against the official subcategory list before citing it. Second, GOVERN 2 (accountability structures, subcategories 2.1 through 2.3) is counted in the GOVERN totals below, but its mapping table is not reproduced on this page.
Subcategory Coverage
| NIST AI RMF Function | Subcategories Addressed | Full Coverage | Partial Coverage | Not Applicable |
|---|---|---|---|---|
| GOVERN | 19 | 18 | 1 | 0 |
| MAP | 16 | 15 | 0 | 1 |
| MEASURE | 19 | 17 | 1 | 1 |
| MANAGE | 13 | 13 | 0 | 0 |
| TOTAL | 67 | 63 | 2 | 2 |
Coverage Calculation
- Subcategories addressed: 67 of 72 NIST AI RMF subcategories (93%)
- Full coverage: 63 of 67 addressed subcategories (94%)
- Partial coverage: 2 subcategories (GOVERN 3.1, MEASURE 2.4)
- Not applicable to FSI agent governance: 2 subcategories (MAP 5.2 and MEASURE 2.9, both labelled environmental impact in this crosswalk)
- Not explicitly addressed: 5 subcategories (MEASURE 2.12, MEASURE 2.13, MAP 3.4, MAP 3.5, and the GOVERN 4.4 entry; see Subcategories Not Explicitly Addressed below)
Effective Coverage of Applicable Subcategories: 97% full coverage. The denominator is the 65 applicable subcategories (67 addressed minus the 2 marked N/A); 63 of those 65 are fully covered and the remaining 2 are partially covered. The 5 subcategories not explicitly addressed are excluded from this denominator, so the figure should be read as coverage of the subcategories the framework chose to map, not of the full NIST AI RMF.
Partial Coverage Areas
| Category | Gap | Remediation |
|---|---|---|
| GOVERN 3.1 (Diverse team) | Framework does not mandate diversity requirements | Organizational hiring/team practices; out of technical scope |
| MEASURE 2.4 (Explainability) | Basic explainability guidance only | Enhance Zone 1 explainability playbook for enterprise needs |
Not Applicable Areas
| Category | Rationale |
|---|---|
| MAP 5.2 (Environmental) | Environmental impact not primary FSI regulatory concern |
| MEASURE 2.9 (Environmental) | Environmental impact not primary FSI regulatory concern |
Subcategories Not Explicitly Addressed
The following NIST AI RMF subcategories are not explicitly addressed in this crosswalk because they pertain to large-scale AI system development, training, and data curation rather than governance of pre-built Microsoft 365 agents:
| Category | Description | Rationale |
|---|---|---|
| MEASURE 2.12 | Environmental impact quantified | Not applicable - Microsoft manages infrastructure environmental impact |
| MEASURE 2.13 | Effectiveness of risk mitigations verified | Covered implicitly through testing controls (2.5, 2.6) but not separately tracked |
| MAP 3.4 | Assumptions about data validated | Microsoft manages Copilot training data; organization controls grounding data via Pillar 4 |
| MAP 3.5 | Data provenance documented | Microsoft manages model data provenance; framework covers grounding data governance |
| GOVERN 4.4 | Documentation of AI system development | Not applicable - framework governs deployed agents, not AI development |
Identifier check: NIST AI RMF 1.0 defines only GOVERN 4.1 through 4.3, so the "GOVERN 4.4" identifier above does not appear in the official framework; MEASURE 4, by contrast, has three subcategories (4.1 through 4.3) of which the MEASURE 4 table maps two. Reconcile the five identifiers in this table against NIST AI 100-1 before citing them, since an examiner will check them against the official text.
Organizations developing custom AI models beyond Microsoft 365 agents should consult the full NIST AI RMF for these additional requirements.
Using This Crosswalk
For Compliance Officers
- Reference this document when responding to regulator inquiries about AI risk management frameworks
- Map specific control implementations to NIST AI RMF categories for examination documentation
- Use coverage summary to identify areas requiring additional organizational controls
For AI Governance Leads
- Use NIST AI RMF categories as checklist for new agent deployments
- Reference specific controls when designing governance procedures
- Identify gaps in current implementations vs. NIST expectations
For External Auditors
- Framework demonstrates substantive alignment with NIST AI RMF (93% of subcategories addressed, 97% effective coverage of applicable areas)
- Partial coverage areas and N/A designations are documented with rationale
- Control documentation provides implementation evidence
- Five NIST subcategories not explicitly addressed relate primarily to large-scale AI model development, training data, and environmental impact rather than governance of pre-built Microsoft 365 agents; see Subcategories Not Explicitly Addressed for the per-item rationale
Complementary Framework: ISO/IEC 42001
ISO/IEC 42001 AI Management System Standard
Organizations seeking certification-based AI governance may consider ISO/IEC 42001:2023, the international standard for AI management systems. ISO/IEC 42001 is complementary to NIST AI RMF, not an alternative—the frameworks serve different purposes and can be implemented together for comprehensive AI governance. ISO/IEC 42001 is particularly valuable for organizations that:
- Require third-party certification of AI governance
- Operate in jurisdictions where ISO certification is expected
- Already maintain ISO 27001 or other ISO management systems
How they complement each other:
| Aspect | NIST AI RMF | ISO/IEC 42001 |
|---|---|---|
| Nature | Framework (voluntary) | Standard (certifiable) |
| Structure | 4 functions, 72 subcategories | PDCA management system |
| Certification | Not certifiable | Third-party certifiable |
| Geography | U.S.-focused | International |
| Primary Role | Risk identification and measurement | Formal governance structures |
Recommended approach: Begin with NIST AI RMF risk assessments (lower implementation barrier), formalize findings into ISO 42001 AIMS policies and controls, then pursue ISO 42001 certification. Use NIST for continuous risk monitoring between annual ISO 42001 surveillance audits.
This crosswalk can be adapted for ISO/IEC 42001 alignment by mapping FSI controls to ISO 42001 clauses (Annex A controls). Contact your compliance officer for guidance on implementing both frameworks together.
References
- NIST AI 100-1, Artificial Intelligence Risk Management Framework (AI RMF 1.0), January 2023
- U.S. Department of the Treasury, Artificial Intelligence in Financial Services, December 2024
- ISO/IEC 42001:2023, Artificial intelligence management system (AIMS) standard
FSI Agent Governance Framework v1.2 | Updated: January 2026 | NIST AI RMF Crosswalk Last Verified: January 19, 2026