Releases: vintagedon/nist-ai-rmf-cookbook
v0.2 - Multi-framework Compliance Expansion
NIST AI RMF Cookbook v0.2 - Multi-framework Compliance Expansion
Overview
Version 0.2 represents a major expansion of the NIST AI RMF Cookbook, transforming it from a single-framework reference into a comprehensive multi-framework compliance toolkit with extensive model coverage and practical implementation guidance.
Major Accomplishments
🤖 Comprehensive Model Card Library (146 cards)
Expanded from 42 to 146 model cards covering all major AI providers:
- Anthropic: Claude 4 Opus, Sonnet 4.5/4, Haiku 3.5/3
- OpenAI: GPT-4 Turbo/o, GPT-4o mini, GPT-5, o1/o3 series, Sora v2
- Google: Gemini 2.5/2.0/1.5 Flash/Pro, Gemma 3, Imagen 4.0
- Meta: Llama 4 Maverick/Scout, Llama 3.3, 3.2, 3.1, 3
- Mistral: Large 2, Small 2025, Mixtral 8x22b, Nemo
- Cohere: Command R+ 2025, Coral Enterprise Reasoning
- xAI: Grok 2, Grok 1
- Amazon: Nova Pro/Lite/Micro
- Microsoft: Phi-4 (multimodal/reasoning), Phi-3.5, Vibe Voice
- DeepSeek: R1, v2.5, v2
- Qwen: 3 (235B, 32B), 2 (72B, 7B)
- Yi: Edge Vision series, Lightning series
- Plus: Nvidia, Alibaba, Baichuan, Falcon, and others
Each model card includes standardized YAML metadata, capability descriptions, risk assessments, control mappings, and multi-framework compliance references.
🔄 Multi-Framework Integration
Expanded beyond NIST AI RMF to include:
- CIS Controls v8: Information security control mappings
- ISO 31000:2018: Risk management alignment
- Colorado SB24-205: AI deployment compliance requirements
- Framework Crosswalk: Comprehensive mapping across all frameworks
All policies, standards, and risk scenarios now cross-reference multiple framework requirements.
📋 Governance & Policy Framework
Complete governance documentation including:
- AI governance policy
- AI acceptable use policy
- Model deployment policy
- Data management policy
- Risk management policy
- Third-party AI services policy
- Technical standards for assessment, security, transparency
🏗️ Proxmox Astronomy Cluster Implementation
Organization-specific implementation demonstrating practical application:
- Cluster-specific policies and standards
- Model cards for deployed models (Claude, Gemini, GLM)
- Risk scenarios tailored to cluster environment
- Implementation evidence and runbooks
- Control schemas and validation
📊 Validation & Quality
- YAML schemas for model cards, data cards, risk definitions, control mappings
- Automated validation capabilities
- Comprehensive documentation templates
- 77 architectural decisions documented
What's Changed
Added
- 104 new model cards (42 → 146)
- Multi-framework compliance mappings
- Comprehensive policy and standards library
- Risk scenario templates and library
- Validation schemas for structured data
- Proxmox astronomy cluster implementation
- Examples and reference implementations
Changed
- Repository structure consolidated for better organization
- Documentation expanded with article templates
- Enhanced README with comprehensive scope and guidance
Removed
- Deprecated repository governance structure (consolidated into policies)
Statistics
- Model Cards: 146
- Commits: 10 logical groups
- Documentation: Comprehensive policies, standards, risk scenarios
- Frameworks: 4+ (NIST AI RMF, CIS Controls v8, ISO 31000, Colorado SB24-205)
Getting Started
- Browse the model card library for AI system documentation
- Review policies for governance guidance
- Explore risk scenarios for risk management
- Use schemas for validation and consistency
License
MIT License - See LICENSE for details
Full Changelog: v0.1.0...v0.2
v0.1.0 - Foundational Release: Operational AI Governance Framework
NIST AI RMF Cookbook v0.1.0 - Foundational Release
This release documents the formalization of AI governance for our research cluster and extracts reusable templates for broader use. This is operational infrastructure, not theoretical guidance.
🎯 What's Delivered
Operational Governance (_repository-governance/)
- AI Acceptable Use Policy (in production)
- Model Selection Strategy with four-tier architecture ($140/month documented)
- Model cards for Claude Sonnet 4.5, GPT-5, Gemini Pro 2.5, Llama 3.1 8B
- Multi-model consensus methodology
- ROI analysis (175 hours/year saved)
Generic Templates (policies/)
- AI Acceptable Use Policy template with customization guidance
- Educational annotations for organizational adaptation
Documentation Schemas (schemas/)
- Model Card Schema (YAML)
- Data Card Schema (YAML)
- Risk Assessment Schema (YAML)
- Control Mapping Schema (YAML)
- Evaluation Plan Schema (YAML)
Framework Alignment (docs/)
- NIST AI RMF ↔ ISO/IEC 42001 crosswalk
- NIST AI RMF ↔ ISO/IEC 23894 crosswalk
- NIST AI RMF ↔ NIST SP 800-53 Rev. 5 crosswalk
- NIST AI RMF ↔ EU AI Act crosswalk
📊 Framework Mapping
All artifacts map to NIST AI RMF 1.0 functions:
- GOVERN: Policy, strategy, roles/responsibilities
- MAP: Model cards, risk identification, data classification
- MEASURE: Multi-model consensus, quarterly reviews, ROI tracking
- MANAGE: Four-tier architecture, exit interviews, evidence artifacts
❌ Not Included (Future Work)
- Worked examples (RAG assistant, classifier) - Planned for v0.2+
- Automation tools (YAML validation, OSCAL export) - Phase 3
- Complete policy library - We write as needed, not speculatively
- GRC tool integration - Phase 4
🔬 Academic Citation
This release is archived on Zenodo with DOI: 10.5281/zenodo.17332823
Cite as:
Donald, F. (2025). NIST AI RMF Cookbook: Operational Templates and Schemas for AI Governance Implementation (0.1). Zenodo. https://doi.org/10.5281/zenodo.17332823
🔄 What's Next
v0.2/0.3: Framework-guided evaluation of Microsoft Business GPT
- Documented MAP/MEASURE/MANAGE application to real decision
- Complete worked example with risk assessment, evaluation plan, control mapping
- Policy template updates based on enterprise integration learnings
📚 Documentation
⚖️ License
MIT License - Maximum reusability for operational governance work
Status: Operational | Framework: NIST AI RMF 1.0 | Released: 2025-10-10
Full Changelog: https://github.com/vintagedon/nist-ai-rmf-cookbook/commits/v0.1.0