Skip to content
AM-048
← Back to ledger
Holding·last review26 Apr 2026

The NIST AI Risk Management Framework (AI RMF 1.0, published January 2023, with the Generative AI Profile published July 2024) maps onto enterprise agentic AI deployment work across its four functions (Govern, Map, Measure, Manage) using the same artefacts an enterprise produces for EU AI Act Article 9. Specifically: NIST Govern maps to the Head of AI Governance role and the AI governance committee; NIST Map maps to the deployment inventory and the OWASP Agentic Top 10 walkthrough; NIST Measure maps to the 14-field Article 12 audit substrate plus the GAUGE governance dimensions; NIST Manage maps to the kill-criterion enforcement and the seven-control surface. An enterprise that has the EU AI Act preparation track running has substantially completed NIST AI RMF coverage and can document the mapping as a single cross-reference matrix. The reverse mapping (NIST → EU AI Act) requires more work because NIST is voluntary in posture and the EU AI Act is operational; an enterprise that started with NIST as the framework needs to extend audit substrate granularity and add the Article 73 incident-reporting workflow.

NIST AI RMF mapping. 90-day review cadence. Watches: (1) NIST AI RMF version updates (NIST has signalled an AI RMF 2.0 framework revision in development for late 2026), (2) Generative AI Profile updates (the July 2024 profile is the current authoritative addendum; further profiles for agentic systems specifically are expected), (3) U.S. federal procurement guidance that elevates NIST AI RMF from voluntary to operational (pending under the post-Executive Order 14110 successor framework), (4) NIST AI Safety Institute outputs that revise the technical risk taxonomy.

Published
26 Apr 2026
Last reviewed
26 Apr 2026
Next review
+72d· 25 Jul 2026
Source piece
NIST AI RMF mapping for enterprise agentic AIRead piece →
Permalink/holding/AM-048/
Embed this claimiframe + oEmbed
HTML iframe
Paste-the-URL (Substack, Medium, Notion, WordPress)

The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.

About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-002 · Not holding · 06 May 2026

    URL state changed. The /the-agentic-ai-revolution-real-world-success-stories-and-strategic-insights-from-2024-2025/ slug now serves a deliberately rewritten retrospective (claimId AM-130, "Agentic AI 2024-2025 retrospective", published 04 May 2026) against audited primary sources. The 28 Apr 2026 redirect to /retractions/ has been lifted to allow that. AM-002 the claim remains Not holding — the original $3.50/dollar + 70% failure-rate framing was withdrawn and is not restored. AM-130 is a separate claim with its own evidence chain. Readers arriving at /holding/AM-002 see the withdrawal here; the article link surfaces the new piece at the URL the original lived at, with this entry as the audit trail.

  • AM-121 · Holding · 2 May 2026

    Klarna walk-back primary-source upgrade — added Siemiatkowski verbatim quotes via Bloomberg-cited-by-Fortune (9 May 2025) and the Uber-style freelance hiring detail via Entrepreneur. Closes the highest-priority evidence gap from the source dossier.

  • AM-115 · Holding · 29 Apr 2026

    Initial publication 29 Apr 2026 — the first Quarterly Claim Review Bulletin. The claim itself is recursive: it asserts that the bulletin will ship quarterly, and the next review (30 Jul 2026) tests whether the Q3 bulletin actually appeared. Status starts as 'up' because the claim is currently true (the Q2 bulletin shipped). The verdict at end of July 2026 will move to Holding, Partial (bulletin shipped but on a delayed cadence), or Not holding (no bulletin shipped). REVIEW: Peter — please verify claim text + cadence wording before removing rewriteInProgress flag.

Reviews coming up in Reporting

  • AM-003 · Holding · next +5d (19 May 2026)

    GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…

  • AM-136 · Holding · next +21d (4 Jun 2026)

    Across the 24-month window May 2024 to April 2026, every major foundation-model provider (Anthropic, OpenAI, Google, AW…

  • AM-020 · Holding · next +35d (18 Jun 2026)

    The 40-60% TCO underestimate on enterprise agentic-AI deployments is not a cost-visibility failure — it is a cross-depa…