A tailored course, built for your situation
Deeper command of the NIST AI Risk Management Framework
Name the patterns, map the controls, lead the review, without deferring to external guidance
The situation this course is for
Who this is for
Senior practitioner in AI governance or risk advisory at a federal consulting firm, regularly engaged in client assessments, framework implementation, or policy translation work
Who this is not for
Entry-level analysts, auditors focused solely on compliance checklists, or practitioners not involved in shaping AI governance deliverables
What you walk away with
- Map AI risk scenarios directly to NIST AI RMF subcategories with confidence
- Explain control rationale using authoritative sources and real-world analogs
- Produce clear, client-facing assessment summaries anchored in the framework
- Anticipate reviewer questions and address them preemptively in documentation
- Adapt the framework to novel use cases without losing alignment with intent
The 12 modules (with all 144 chapters)
- What the framework is designed to solve
- How Map differs from Measure in practice
- Govern function triggers and thresholds
- Managing third-party AI risk within the model
- Mapping organisational roles to functions
- When to escalate beyond the framework
- Key differences from ISO/IEC 42001
- AI life cycle alignment points
- Integrating with existing risk registries
- Handling dual-use foundation models
- Common misinterpretations to avoid
- Building your first framework snapshot
- Defining what counts as an AI system
- Stakeholder mapping technique
- Impact dimension selection
- Handling classified or sensitive systems
- Identifying downstream dependencies
- Boundary setting for generative AI
- Dealing with legacy integrations
- Using data provenance to scope
- Documenting rationale for review
- Aligning scope with client objectives
- Managing edge cases in federal contexts
- Template for scoping memorandum
- Selecting appropriate risk metrics
- Scenario development process
- Scoring likelihood and impact
- Validation with non-technical stakeholders
- Weighting fairness, safety, security
- Benchmarking against peer systems
- Using historical incident data
- Handling low-probability high-impact risks
- Documenting measurement uncertainty
- Integrating human oversight factors
- Adapting for national security systems
- Worked example: facial recognition system
- Control selection decision tree
- Mapping risks to subcategories
- Layering technical and procedural controls
- Using NIST SP 800-53 crosswalks
- Customising controls for mission needs
- Third-party validation strategies
- Monitoring effectiveness over time
- Handling irreversible harms
- Documentation requirements per tier
- Mitigation trade-off analysis
- Escalation paths for unresolvable risks
- Template: mitigation action plan
- Defining governance bodies
- Establishing review cadences
- Role clarity for AI stewards
- Ethics committee integration
- Incident response coordination
- Audit trail expectations
- Handling public reporting obligations
- Updating policies after incidents
- Managing dual-reporting lines
- Accountability mapping technique
- Federal acquisition regulation links
- Template: governance charter
- Fairness definition alignment
- Transparency vs. security trade-offs
- Robustness testing thresholds
- Privacy-preserving techniques
- Handling model drift detection
- Explainability for non-experts
- Supply chain transparency
- Red teaming integration
- Bias mitigation workflow
- Adversarial attack resistance
- Handling zero-day vulnerabilities
- Pattern library: common combinations
- Assessment summary structure
- Executive briefing technique
- Technical annex organisation
- Using visuals effectively
- Managing caveats and limitations
- Aligning tone with risk level
- Responding to reviewer comments
- Version control for artefacts
- Template: client risk memo
- Handling conflicting stakeholder views
- Language for uncertain findings
- Deliverable checklist
- Handling classified AI systems
- National security exception considerations
- Mission-critical system adaptations
- Acquisition pathway alignment
- Interfacing with DoD AI Ethical Principles
- Integrating with RMF for DoD IT
- Handling dual-use research concerns
- Supply chain risk management links
- FISMA alignment points
- Congressional reporting implications
- Working within IC guidelines
- Case study: battlefield decision support
- ISO/IEC 42001 crosswalk
- NIST CSF 2.0 alignment
- IEEE 7000 series connections
- OCPP guidance links
- Healthcare-specific extensions
- Financial services overlays
- Transportation safety integration
- Creating unified control sets
- Avoiding duplication across audits
- Single source of truth strategy
- Mapping tools comparison
- Template: cross-standard mapping table
- Change management roadmap
- Internal training design
- Tool selection criteria
- Pilot programme structure
- Measuring adoption success
- Building internal champions
- Handling resistance scenarios
- Linking to performance metrics
- Sustaining momentum post-launch
- Resource allocation negotiation
- Scaling from pilot to enterprise
- Template: adoption playbook
- Influence at design phase
- Threat modelling integration
- Anticipating misuse cases
- Shaping procurement requirements
- Vendor evaluation frameworks
- Contractual risk allocation
- Design pattern recommendations
- Influence through architecture review
- Early warning indicators
- Scenario planning for future risks
- Building organisational foresight
- Template: pre-deployment risk brief
- Curating your reference cases
- Documenting decision rationales
- Organising templates by use case
- Versioning your playbook
- Sharing selectively with teams
- Updating for new guidance
- Using examples in client discussions
- Annotating real project work
- Protecting proprietary insights
- Linking to internal repositories
- Maintaining artefact credibility
- Finalising your master playbook
How this maps to your situation
- Leading an AI risk assessment for a federal agency
- Supporting a client’s internal AI governance rollout
- Responding to a regulator-facing AI audit request
- Designing AI oversight mechanisms for a classified system
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3, 4 hours per module, designed to be completed over 4, 6 weeks with flexible pacing.
How this compares to the alternatives
Unlike generic AI governance overviews or vendor-specific tool trainings, this course focuses exclusively on deep command of the NIST AI RMF structure, interpretation, and application, enabling fluency that transfers across clients and contexts.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.