Activate or update NIST Risk Management Framework

  • Release version: Australia
  • Updated May 18, 2026
  • 1 minute to read

    • Activate or update NIST Risk Management Framework to install its citations, control objectives, and risk statements on your instance so they can be used in assessments and mapped to your AI assets.

    Before you begin

    Install the AI Risk and Compliance content application before activating a framework. For more information, see Install AI Risk and Compliance content.

    Role required: sn_grc_ai_gov.ai_risk_and_compliance_manager

    About this task

    Activating the NIST Risk Management Framework installs the framework's citations, control objectives, and risk statements into your instance. You select which citations and control objectives are relevant to your organization — you don't need to install the entire framework. After the framework is activated, select Update to add or remove citations in the future.

    Procedure

    1. Navigate to All > AI Risk and Compliance Workspace.
    2. Select the AI Risk and Compliance Content icon on the AI Risk and Compliance Workspace.
    3. Select Activate on the NIST Risk Management Framework card.
      Note:
      Verify that you have selected the correct version of the NIST Risk Management Framework before proceeding.
    4. Read the disclaimer statement and select Agree.
    5. Select the citations to include and select Next.
      Note:
      Only citations with a status of Ready can be selected.
    6. Select the control objectives to include and select Next.
      The control objectives displayed are based on the citations selected in the preceding step.
    7. Select the risk statements to include and select Next.
      Note:
      Only risk statements with a status of Ready can be selected.
    8. Verify the selected citations, control objectives, and risk statements on the summary page.
    9. Select Submit.
      The selected citations, control objectives, and risk statements are installed on your instance and are available for use in assessments and risk mappings.
    10. Optional: Modify the activated NIST Risk Management Framework by selecting Update on the framework card.
      The Update button appears on the NIST Risk Management Framework card only after the framework is activated. Repeat steps 5 through 9 to add or remove citations, control objectives, and risk statements.

    Result

    The selected NIST Risk Management Framework citations, control objectives, and risk statements are installed on your instance and are available for use in assessments and risk mappings.

    What to do next

    The installed citations, control objectives, and risk statements are available for use in assessments and to map to your AI assets. To activate additional frameworks, see Activate or update EU Artificial Intelligence Act, , or .