AI Governance Institute

Practical Governance for Enterprise AI

Voluntary | Framework | US

NIST AI 600-1 Generative AI Profile

Issued by

National Institute of Standards and Technology (NIST), U.S. Department of Commerce

live | Effective 2024-07-26 | NIST AI 600-1 | Verified April 2026

A companion resource to the NIST AI RMF 1.0 that provides structured guidance for managing the unique risks presented by generative AI systems, including large language models and multimodal foundation models.

Applies To

  • U.S. federal agencies subject to EO 14110 and OMB AI guidance
  • Federal contractors and vendors providing generative AI solutions to U.S. government agencies
  • Enterprises developing or fine-tuning large language models or multimodal foundation models
  • Organisations deploying generative AI in customer-facing, employee-facing, or decision-support roles
  • AI risk, compliance, and legal functions responsible for model governance and documentation
  • Cybersecurity teams managing prompt injection, adversarial attack, and model integrity risks
  • Procurement and third-party risk teams evaluating generative AI vendor risk

Overview

NIST AI 600-1, formally titled 'Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile,' was published in final form on July 26, 2024, in response to Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (October 2023). The profile extends the NIST AI Risk Management Framework (AI RMF 1.0, January 2023) by mapping its GOVERN, MAP, MEASURE, and MANAGE functions to twelve generative-AI-specific risk categories. These categories reflect emergent risks that were not fully addressed by the base AI RMF, including data provenance challenges, hallucination and confabulation, intellectual property concerns, homogenization of outputs, and risks arising from the dual-use nature of generative AI capabilities.

NIST AI 600-1 is structured as a profile (a prioritised set of outcomes drawn from the AI RMF Core) rather than a standalone standard or regulation. It is intended for use by AI developers, deployers, and operators and is explicitly technology-stack-neutral. The document was developed through an open public comment process and reflects input from industry, academia, civil society, and international partners.

Federal agencies are expected to use the profile as part of their implementation of the requirements under EO 14110 and subsequent OMB guidance. While voluntary for private-sector organisations, the profile is increasingly referenced in federal procurement solicitations, sector-specific regulatory guidance, and enterprise AI governance programmes. Enterprises building, fine-tuning, or deploying generative AI systems, including retrieval-augmented generation (RAG) architectures, copilot tools, and AI-assisted decision systems, should map internal controls to the twelve risk categories and associated suggested actions.

Key Requirements

  • Governance: Establish organisational policies, accountability structures, and workforce competencies specific to generative AI risk.
  • CBRN Information: Implement controls to prevent generative AI from providing serious uplift to those seeking to create chemical, biological, radiological, or nuclear threats.
  • Confabulation (Hallucination): Measure, monitor, and disclose rates of confabulation; implement output validation controls.
  • Data Privacy: Address privacy risks inherent in training data ingestion, memorisation, and inference outputs.
  • Data Provenance: Maintain records of training data lineage and apply provenance verification mechanisms where feasible.
  • Harmful Bias and Homogenization: Evaluate and mitigate bias amplification and the societal risk of large-scale output homogenization.
  • Human-AI Configuration: Ensure appropriate human oversight mechanisms are calibrated to the risk level of generative AI applications.
  • Information Integrity: Address the potential for generative AI to produce or amplify disinformation, synthetic media, and influence operations.
  • Information Security: Manage risks of adversarial prompt injection, data poisoning, model extraction, and evasion attacks.
  • Intellectual Property: Assess and manage risks of training data copyright infringement and IP exposure in model outputs.
  • Obscene or Abusive Content: Implement content moderation controls for sexual, violent, or abusive content generation.
  • Transparency and Documentation: Maintain model cards, system cards, and disclosure documentation appropriate to the deployment context.
  • Value Chain and Component Integration: Assess third-party model and component risks across the generative AI supply chain.

What Your Organization Must Do

  • Map all generative AI systems currently in development or deployment to the twelve NIST AI 600-1 risk categories by assigning a responsible owner (e.g., AI risk lead or product owner) for each category and documenting gaps against the suggested actions in the profile.
  • Update the enterprise AI governance policy to explicitly address generative AI risks, including hallucination thresholds, CBRN safeguards, and content moderation standards, and present the revised policy to the board or risk committee for approval within 90 days of system deployment or profile adoption.
  • Establish a confabulation and output quality monitoring programme with defined measurement cadences (at minimum quarterly), documented acceptable error rate thresholds, and a disclosure protocol for material confabulation incidents affecting end users or regulated decisions.
  • Require all third-party generative AI vendors and foundation model providers to supply model cards, system cards, and training data provenance documentation as a contractual condition of procurement; assign third-party risk management to review these against profile requirements before contract execution.
  • Conduct a training data and output intellectual property review for any model being fine-tuned or deployed, engaging legal counsel to assess copyright exposure, and implement output filtering or attribution controls where infringement risk is identified.
  • Align internal generative AI security controls with the profile's information security requirements by tasking the cybersecurity team to test for prompt injection, data poisoning, and model extraction vulnerabilities on a defined schedule (at minimum annually or after significant model updates), and report findings to the AI risk governance function.

Playbook Guidance

Step-by-step implementation guidance for compliance teams.

Governance Controls

Operational controls that implement requirements from this regulation.

  • AGT-001 Agent Permission Boundaries
  • AGT-002 Agent Prompt Injection Defense
  • AGT-004 Multi-Agent Trust Hierarchy
  • AGT-007 Agent Scope and Task Boundaries
  • AGT-009 Agent and Non-Human Identity Management
  • AGT-010 Agent Knowledge Source Integrity
  • AGT-011 Agent Behavior Monitoring and Anomaly Detection
  • AGT-012 Agent Kill Switch and Emergency Stop
  • AGT-016 Agentic AI Deployment Readiness Assessment
  • AGT-017 Agentic Autonomy Expansion Criteria
  • AGT-018 Agent Data Modification Blast-Radius Containment
  • AGT-019 AI Tool and Plugin Supply Chain Risk Assessment
  • AGT-020 RAG Retrieval Boundary Controls for Regulated Data
  • AGT-021 Human Oversight Classification Rationale Log
  • AGT-022 Agentic AI Governance Tooling Attestation
  • AGT-023 Agentic AI Security Assessment — CBRN and Cyber Espionage
  • AGT-024 AI Permission Escalation Tabletop Exercise Program
  • BRD-001 Director AI Literacy and Competency Assessment
  • BRD-002 AI Governance Committee Charter and Decision Rights
  • BRD-005 AI Governance Maturity Assessment
  • BRD-006 AI Risk Tolerance and Appetite Documentation
  • BRD-008 Voluntary AI Governance Adequacy Standard
  • BRD-009 Unified Multi-Framework AI Risk Register
  • CMP-001 Multi-Jurisdiction AI Regulatory Compliance Mapping
  • CMP-002 International AI Standards Monitoring Workflow
  • CMP-008 Federal AI Regulatory Monitoring and Pre-Deployment Vetting
  • HOC-001 AI System Risk Classification
  • HOC-002 Human Approval Gate for Consequential AI Decisions
  • HOC-004 Automation Bias Prevention
  • MGV-001 AI Model Preview and Staged Release Policy
  • MGV-002 AI System Intake and Approval Workflow
  • MGV-003 AI Governance Program Milestone Framework
  • MGV-004 Continuous AI Assurance Function Design
  • MGV-005 Generative AI Input Data Classification
  • MGV-006 RAI Benchmark-Aligned Evaluation Framework
  • MGV-007 Emerging AI Modality Classification and Governance Extension
  • MGV-008 AI-Generated Deliverable Disclosure and Citation Standards
  • MGV-009 AI Capability Claim Substantiation Standard
  • MON-003 AI Bias and Fairness Monitoring
  • PRC-003 Third-Party AI Model Evaluation
  • PRC-008 Vendor Model Update Disclosure and Re-Assessment Protocol
  • PRC-009 AI Vendor Concentration Risk Assessment
  • PRC-010 AI Vendor Financial Stability Assessment
  • PRC-011 Federal AI Procurement Submission and Review Process
  • PRC-012 AI Safety Index and Benchmark Monitoring
  • PRC-013 AI Platform Conflict-of-Interest Assessment
  • PRC-014 Shadow AI and Third-Party Widget Inventory and Classification
  • PRC-015 Procurement-Stage AI Governance Conditions
  • SAF-001 Hallucination Detection and Mitigation
  • SCT-001 Anthropomorphic and Companion AI Safeguards
  • SCT-002 Clinical AI Governance Committee Charter
  • SCT-004 Insurance Sector AI Documentation Standards
  • SCT-006 Self-Hosted Open-Weight AI Model Governance
  • SCT-007 Consumer and External AI Tool Acceptable Use Policy
  • SCT-009 AI System Algorithm Register
  • SEC-001 Prompt Injection Prevention
  • SEC-005 Adversarial Robustness Testing

Frequently Asked Questions

Is NIST AI 600-1 mandatory for private companies?

No. NIST AI 600-1 is voluntary for private-sector organizations. However, it is increasingly referenced in federal procurement solicitations, so companies selling generative AI solutions to U.S. government agencies may face contractual pressure to align with its requirements.

How does NIST AI 600-1 differ from the NIST AI RMF 1.0?

The AI RMF 1.0 is a general-purpose AI risk management framework. NIST AI 600-1 is a companion profile that extends it by mapping the same GOVERN, MAP, MEASURE, and MANAGE functions to twelve risk categories specific to generative AI systems, such as hallucination, data provenance, and prompt injection.

Which twelve risk categories does NIST AI 600-1 address?

The profile covers CBRN information risks, confabulation, data privacy, data provenance, harmful bias and homogenization, human-AI configuration, information integrity, information security, intellectual property, obscene or abusive content, transparency and documentation, and value chain and component integration.

Do federal agencies have to comply with NIST AI 600-1?

Federal agencies are expected to use NIST AI 600-1 as part of their implementation of Executive Order 14110 and subsequent OMB guidance on AI governance. It carries a stronger compliance expectation for agencies than for private-sector organizations.

What does NIST AI 600-1 require for third-party generative AI vendors?

The profile calls for organizations to assess third-party model and component risks across the generative AI supply chain. In practice, this means requiring vendors to provide model cards, system cards, and training data provenance documentation, and reviewing those materials against profile requirements before contract execution.

How should a compliance team handle hallucination risk under NIST AI 600-1?

The profile requires organizations to measure and monitor confabulation rates, set acceptable error thresholds, implement output validation controls, and establish a disclosure protocol for material confabulation incidents. A minimum quarterly measurement cadence is a practical baseline for most deployment contexts.