NIST AI RMF Crosswalk Demo

Overview

This demo walks through the NIST AI Risk Management Framework (RMF) crosswalk with EU AI Act requirements, showing bidirectional mapping between the two regulatory frameworks.

What You'll Learn

• How FCC maps 29 NIST AI RMF subcategories to EU AI Act requirements
• How to run dual-regulation compliance audits
• How to generate crosswalk reports for governance teams

Prerequisites

• FCC framework installed (pip install -e .)
• Basic understanding of compliance concepts (Getting Started)

Running the Demo

fcc compliance-audit --regulation nist-rmf --crosswalk eu-ai-act --format markdown

NIST AI RMF Structure

The framework covers all four NIST AI RMF functions:

Function	Subcategories	Description
GOVERN	6	Policies, roles, and accountability structures
MAP	8	Context, scope, and risk identification
MEASURE	9	Metrics, testing, and evaluation
MANAGE	6	Mitigation, monitoring, and response

Crosswalk Mapping

Each NIST subcategory maps to one or more EU AI Act articles:

from fcc.compliance.requirements import RequirementRegistry

registry = RequirementRegistry.load()
nist_reqs = registry.by_regulation("nist-rmf")
for req in nist_reqs[:5]:
    print(f"{req.id}: {req.title}")
    print(f"  EU AI Act crosswalk: {req.crosswalk_ids}")

Related Demos

• Compliance Pipeline Demo
• AI Act Audit Demo
• Compliance Dashboard Demo