NIST AI RMF crosswalk to AEF
This crosswalk positions AEF as the implementation-layer evidence format for NIST AI RMF. NIST defines what organizations must govern; AEF defines how the resulting evidence is made portable, tamper-evident, and verifier-friendly.
Crosswalk
| NIST AI RMF function | Required governance artifact | AEF representation | Example kinds |
|---|---|---|---|
| Govern | policy approval, accountability, risk acceptance | signed governance events in a chained ledger | governance.approval, waiver.granted, policy.enforced |
| Map | system inventory, intended use, affected people, deployment context | subject-scoped model or agent records with structured payloads | model.proposed, agent.action |
| Measure | evaluation outputs, threshold gates, validation evidence | immutable run + evidence-pack export records | run.created, run.completed, evidence.pack_exported |
| Manage | deployment, incidents, retirements, corrective actions | operational events and linked evidence exports | model.deployed, incident.opened, incident.closed, model.retired |
Why AEF matters for NIST adoption
NIST AI RMF is intentionally technology-agnostic. Without a common evidence format, each vendor exports different JSON, different timestamps, and different hash logic. AEF closes that gap:
- canonical JSON means verifier portability
- hash chaining means tamper evidence
- detached signatures mean cross-org attestations
- public schemas mean outside auditors can validate without CloudTune
Minimal NIST-ready evidence set
A NIST-ready AEF ledger for one governed model should include at least:
1. model.proposed 2. run.created 3. run.completed 4. governance.approval 5. model.deployed 6. incident.opened / incident.closed when applicable 7. evidence.pack_exported for the review packet sent to internal audit or regulators
Auditor posture
An auditor should be able to:
- validate every record hash using the public verifier
- confirm chain continuity by
previous_hash - independently check signatures on governance approvals
- inspect evidence-export payloads without access to the originating control plane