
NIST Governance, Explained for Beginners: What CSF 2.0 and the AI RMF Actually Ask of You


If your board or a customer has asked “are we aligned with NIST?”, the honest answer is usually “aligned with which one?” NIST does not publish a single governance framework. It publishes several, for different problems, and the two your organization is most likely to run into right now are the Cybersecurity Framework (CSF 2.0) and the AI Risk Management Framework (AI RMF 1.0). This guide walks through both in plain language, shows how they fit together, and gives you a starting point if you have not touched either one yet.

What NIST Is, in One Paragraph

The National Institute of Standards and Technology is a U.S. federal agency that publishes technical standards and guidance, cybersecurity and AI frameworks among them. None of what follows is law. NIST frameworks are voluntary, which means no one is required to adopt them by default. In practice, though, they have become the closest thing to a common language for risk management: auditors reference them, insurers ask about them, enterprise procurement teams check for them, and some state laws now build legal incentives around them. Colorado’s AI Act, for instance, treats alignment with the AI RMF as an affirmative defense against liability for AI-related harms. Voluntary does not mean optional in any practical sense once your customers start asking.


Two Frameworks, Two Different Jobs

The mistake most beginners make is treating “NIST governance” as one thing. It is not. CSF 2.0 governs cybersecurity risk broadly: the confidentiality, integrity, and availability of your systems and data. The AI RMF governs a narrower and newer problem: the risks that show up specifically because a system uses AI, things like biased outputs, opaque decision-making, or a model that quietly degrades in accuracy over time. A perfectly secure AI system, one that CSF 2.0 would rate highly, can still discriminate against loan applicants or hallucinate legal citations. That is the gap the AI RMF exists to close. If you deploy AI on top of infrastructure you already secure, you need both frameworks working together, not one instead of the other.

NIST Cybersecurity Framework 2.0

CSF 2.0 was published in February 2024, the first major revision since the original framework’s release a decade earlier. Its biggest structural change was adding a sixth function, Govern, sitting at the center of the model rather than beside the other five. That placement is deliberate: NIST is signaling that governance is not one activity among many, it is the thing that determines whether the other five happen consistently at all.

The six functions break down as follows. Govern sets the organization’s cybersecurity risk strategy, roles, policies, and oversight, including how you manage risk introduced by suppliers and vendors. Identify is the inventory step: knowing what assets, data, and risks actually exist before you can protect them. Protect covers the safeguards themselves: access controls, training, and system hardening. Detect is about noticing when something has gone wrong quickly enough to matter. Respond covers containment and communication once an incident is confirmed. Recover is restoring normal operations and feeding lessons learned back into the other five functions. Altogether the framework organizes 22 categories and 106 subcategories of outcomes underneath these six functions, which sounds like a lot until you realize most organizations only need to work through the subset relevant to their risk profile, not the entire catalog at once.

NIST AI Risk Management Framework 1.0

The AI RMF was published in January 2023, ahead of CSF 2.0, which is itself a useful signal: NIST recognized that AI-specific governance needed its own framework rather than waiting to be folded into cybersecurity guidance. It covers the whole AI lifecycle, from design through deployment to retirement, and it structures that coverage around four functions instead of six.

Govern here plays the same anchoring role it does in CSF 2.0, but the framework describes it explicitly as cross-cutting: it touches every other function rather than sitting in sequence with them. It is where you decide who approves a high-risk AI use case, how a third-party model gets vetted before it enters your environment, and how much budget goes to safety testing before launch. Map comes next and is arguably the step most organizations skip: establishing the context of a specific AI system before evaluating it, meaning its intended purpose, its users, its assumptions, and the harms it could plausibly cause if it fails. Measure is where you actually test, benchmark, and monitor the system against that context, using both quantitative metrics and qualitative review, and where you catch a model drifting or misbehaving after launch rather than only at initial release. Manage is the response layer: prioritizing which risks get resources, documenting what residual risk you are knowingly accepting, and running incident response when something does go wrong.

Underneath all four functions sits a shared vocabulary for what “trustworthy” actually means in an AI system. NIST defines seven characteristics, and the Measure and Manage functions exist largely to check a system against them.

Two of these are worth pausing on because they trip people up. Explainable and interpretable is not the same characteristic twice with different words. Explainability is the mechanism (can you show your work); interpretability is the outcome (can a human actually understand it). And fair with harmful bias managed is deliberately not phrased as “unbiased,” because NIST’s position is that all models carry some form of bias; the governance question is whether you are actively surfacing and managing it, not pretending it does not exist.

Putting Them Side by Side

The practical takeaway from this comparison is not that you need to pick one. It is that they answer different audit questions. If a customer’s security questionnaire asks about your incident response plan or vendor risk management, that is CSF 2.0 territory. If they ask how you validate that your AI model does not discriminate against a protected class, or how you monitor for model drift after deployment, that is AI RMF territory. Organizations that only have one of the two will eventually get asked a question the other framework was built to answer.

Where to Actually Start

Both frameworks converge on the same first move: start with Govern, not with a checklist. It is tempting to jump straight to Measure, running a bias audit or a penetration test, because those produce a document you can point to. But without a Govern function in place, defined ownership, an approved risk appetite, a documented process for who signs off on what, you have no way to act consistently on what those tests find. A vulnerability scan or a fairness audit with no one accountable for the results is activity, not governance.

A realistic starting sequence looks like this. First, name an owner: someone accountable for cybersecurity risk decisions and someone accountable for AI risk decisions. At a smaller organization this may be the same person, but the accountability still needs to be explicit rather than assumed. Second, inventory what you actually have: which systems handle sensitive data (this feeds CSF 2.0’s Identify function), and which of your products or internal tools use AI at all, including AI embedded in vendor software you did not build yourself (this feeds the AI RMF’s Map function). Third, pick the subset of each framework’s categories that matches your actual risk profile rather than attempting full coverage on day one. NIST built both frameworks to be scaled to organizational size and risk tolerance; a five-person startup and a regulated bank are not expected to implement identical control sets.

The Regulatory Picture Is Still Moving

Worth knowing, and worth holding loosely: the federal policy environment around AI governance has shifted more than once in the past two years, and it will likely shift again. An October 2023 executive order that directed federal agencies to align with the AI RMF was revoked in January 2025 and replaced with a different executive order focused on removing AI regulatory barriers. Meanwhile several states, Colorado among them, have written NIST alignment directly into their own AI laws. The frameworks themselves have stayed stable through this; what changes is how much external pressure exists to adopt them. That is a reason to build the underlying governance discipline now rather than wait for a settled legal mandate that may not arrive on the timeline you expect.

Where Centroid Comes In

Reading the frameworks is the easy part. The harder part, mapping Govern-Map-Measure-Manage or the CSF’s six functions onto your actual systems, your actual vendors, and your actual risk appetite, is where most organizations stall out. Reach out to us if you want a second set of eyes on where your organization actually stands against either framework. It is a conversation worth having before a customer’s questionnaire forces the issue.
