NIST AI RMF vs ISO/IEC 42001

Two of the most-referenced AI governance frameworks — one is a voluntary US framework, the other an international standard that can be certified. Most mature programs use both.

Voluntary standardVoluntary standardUS

NIST AI Risk Management Framework

The NIST AI Risk Management Framework (AI RMF 1.0) was published by the U.S. National Institute of Standards and Technology in January 2023, with a Generative AI Profile (NIST-AI-600-1) added in July 2024. It is a voluntary, sector-agnostic framework that organises AI risk management around four functions: Govern, Map, Measure, and Manage. Although adoption is voluntary, the AI RMF is referenced by the U.S. Executive Order on AI, several federal agency directives, and is increasingly cited by procurement teams and insurance carriers as a baseline expectation. NIST also publishes a companion AI RMF Playbook with concrete implementation suggestions and a Crosswalk that maps AI RMF actions to ISO/IEC 42001, ISO/IEC 23894, OECD AI Principles, and EU AI Act provisions.

Jurisdiction

Enforcement

January 26, 2023

Maximum penalty

Voluntary framework; no statutory penalties

Key obligations

01Govern: establish AI policies, accountabilities, and a risk-tolerance posture that flows from board level through engineering teams.
02Map: characterise the AI system's context, intended use, stakeholders, data, and known limitations before deployment.
03Measure: select and apply quantitative and qualitative tests for trustworthiness characteristics — validity, reliability, safety, fairness, security & resilience, accountability & transparency, privacy, explainability.
04Manage: prioritise, treat, and monitor risks; allocate resources; respond to incidents; and decommission systems that no longer meet the risk threshold.
05For generative AI (GenAI Profile): address content provenance, hallucination/confabulation, harmful bias, IP and data integrity, CBRN/cyber misuse, and value-chain integration risks.
06Maintain a living risk register and update Map/Measure/Manage outputs at material change events (data drift, model retraining, new use cases).
07Treat AI RMF outputs as auditable artifacts even though the framework is voluntary — they are widely accepted as evidence in due diligence and procurement.

Vendors that support NIST AI RMF

Sorted by coverage level. Full coverage shown first.

34 vendors

Vendor	HQ	Founded	Size	Pricing	Coverage	Last verified
LatticeFlow AI	Zurich, Switzerland	2020	11-50	No public pricing. Enterprise platform sold via direct sales. Contact sales for demo and pricing.	Full	Apr 22, 2026
Enzai	Belfast, United Kingdom	2021	2-10	SaaS platform, enterprise subscription. No public pricing listed. Contact sales via enz.ai.	Full	Apr 22, 2026
Robust Intelligence	San Francisco, United States	2019	11-50	Now integrated into Cisco AI Defense / Cisco Security Cloud. Standalone Robust Intelligence is no longer sold independently. Pricing through Cisco.	Full	Apr 22, 2026
Collibra AI Governance	New York, United States	2008	1000+	Enterprise subscription; contact sales for custom quote based on users, assets, modules.	Full	Apr 23, 2026
Monitaur	Boston, United States	2019	11-50	Enterprise annual subscription; no public pricing listed. Forrester Wave cited 'pricing flexibility and transparency' as a highest-score criterion. Contact sales for quotes.	Full	Apr 22, 2026
Trustible	Arlington, United States	2023	11-50	Contact sales for enterprise pricing; no public plans listed	Full	Apr 23, 2026
ModelOp	Chicago, United States	2018	11-50	No public pricing listed; contact sales for enterprise quotes.	Full	Apr 23, 2026
Modulos AI Governance	Zurich, Switzerland	2018	11-50	Contact for pricing	Comprehensive	Apr 24, 2026
Scrut Automation	Palo Alto, US	2021	51-200	Contact for pricing	Comprehensive	Apr 24, 2026
Luminos.Law (ZwillGen AI Division)	Washington, DC, US	2019	51-200	Contact for pricing	Comprehensive	Apr 24, 2026
DataRobot	Boston, US	2012	1000+	Contact for pricing	Comprehensive	Apr 24, 2026
Drata	San Francisco, US	2020	501-1000	Contact for pricing	Comprehensive	Apr 24, 2026
Saidot	Helsinki, Finland	2018	11-50	No public pricing listed; contact sales implied via demos and sign-ups.	Partial	Apr 23, 2026
HiddenLayer	Austin, United States	2022	51-200	Enterprise-only, contact sales for pricing. No public pricing listed on website.	Partial	Apr 22, 2026
Lakera	Zurich, Switzerland	2021	51-100	Enterprise-focused SaaS. No public pricing listed. API-based pricing model expected. Contact sales.	Partial	Apr 22, 2026
Prompt Security	Tel Aviv, Israel	2023	11-50	Now part of SentinelOne Singularity Platform. Continues as a standalone product. Enterprise pricing only; contact sales or SentinelOne.	Partial	Apr 22, 2026
Protect AI	Seattle, United States	2022	51-200	Now integrated into Palo Alto Networks Prisma AIRS. Original standalone Protect AI pricing was enterprise-only, contact sales. Current pricing through Palo Alto Networks.	Partial	Apr 22, 2026
Fairly AI	Kitchener, Canada	2020	11-50	On-premises or private-cloud deployments; quote-based.	Partial	Apr 21, 2026
TrojAI	Saint John, Canada	2019	11-50	Enterprise-only, no public pricing. Contact sales at troj.ai.	Partial	Apr 22, 2026
OneTrust AI Governance	Atlanta, United States	2016	1000+	Enterprise platform; contact sales for quote, no public pricing listed	Partial	Apr 23, 2026
Vanta	San Francisco, USA	2018	500-1000	Contact for pricing	Partial	Apr 26, 2026
IBM watsonx.governance	Armonk, USA	—	1000+	Contact for pricing	Partial	Apr 26, 2026
ServiceNow AI Control Tower	Santa Clara, USA	2004	1000+	Contact for pricing	Partial	Apr 26, 2026
Securiti Data Command Center	San Jose, USA	2018	500-1000	Contact for pricing	Partial	Apr 26, 2026
BigID	New York, USA	2016	500-1000	Contact for pricing	Partial	Apr 26, 2026
Credo AI	Palo Alto, US	2020	51-200	Contact sales for enterprise subscription quote. Credo AI homepage	Partial	Apr 26, 2026
Holistic AI	London, UK	2020	51-200	Enterprise platform; contact sales for quote.	Partial	Apr 26, 2026
ValidMind	Palo Alto, US	2022	11-50	Custom pricing plans; contact sales.	Partial	Apr 26, 2026
FairNow	McLean, US	2023	11-50	Contact sales for quote; no public pricing listed	Partial	Apr 26, 2026
Lasso Security	Tel Aviv, IL	2023	11-50	Enterprise pricing only. Not publicly listed.	Partial	Apr 27, 2026
Cranium	Short Hills, US	2023	51-200	Contact for pricing	Partial	Apr 27, 2026
Naaia	Louveciennes, FR	2021	11-50	No public pricing tiers; demo and quote requested via website.	Partial	Apr 27, 2026
2021.AI	Copenhagen, DK	2016	51-200	Contact for pricing	Partial	Apr 27, 2026
Knostic	Herndon, US	2023	11-50	Contact for pricing	Adjacent	Apr 27, 2026

Buyer’s guide

Independent ranking with documented criteria.

See our top picks for NIST AI RMF

Frequently asked

In-depth answers about NIST AI RMF.

NIST AI RMF vs ISO 42001 — which to choose?

Compare across industries

See which vendors support NIST AI RMF in your sector.

NIST AI RMF in Defense & National Security NIST AI RMF in Education NIST AI RMF in Employment & HR NIST AI RMF in Energy & Utilities NIST AI RMF in Financial Services NIST AI RMF in Government & Public Sector NIST AI RMF in Healthcare NIST AI RMF in Insurance NIST AI RMF in Legal Services NIST AI RMF in Manufacturing NIST AI RMF in Media & Entertainment NIST AI RMF in Retail & E-commerce NIST AI RMF in SaaS & Technology NIST AI RMF in Telecommunications

Last verified April 28, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.