TheArtOfService
Back to Frameworks

NIST AI 600-1: Generative AI Profile

Self-Assess
United States
v2024
8 domains
8 controls

NIST AI 600-1: Generative AI Profile is a companion resource to the NIST AI Risk Management Framework (AI RMF 1.0). It provides guidance for managing risks of generative AI systems, identifies 12 distinct risk categories, and maps recommended actions to the AI RMF functions: Govern, Map, Measure, and Manage.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Content and Bias Risks

1 controls
Controls in the Content and Bias Risks domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-7Confabulation, Bias, Information Integrity, Privacy, IP (Risks 2, 4, 5, 6, 7, 8, 10, 11)

GAI Risk Categories

1 controls
Controls in the GAI Risk Categories domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-1NIST AI 600-1 Scope and 12 Generative AI Risk Categories

Governance

1 controls
Controls in the Governance domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-2GAI Governance - Roles, Policies, and Risk Acceptance

High-Severity Risks

1 controls
Controls in the High-Severity Risks domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-6CBRN, Cybersecurity, and Information Security Risks (Risks 1, 9)

Manage Operations

1 controls
Controls in the Manage Operations domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-5Manage - Content Provenance, Human Oversight, and Incident Response

Map and Pre-Deployment

1 controls
Controls in the Map and Pre-Deployment domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-3Map - Pre-Deployment Evaluation and Use Case Mapping

Measure and Testing

1 controls
Controls in the Measure and Testing domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-4Measure - Red Teaming, Adversarial Testing, and TEVV

Safety and Sustainability

1 controls
Controls in the Safety and Sustainability domain of NIST AI 600-1: Generative AI Profile1 controls
CodeTitle
NISTAI600-8Dangerous Content, CSAM, Environmental Impacts (Risks 3, 11, 12)

Your Compliance Coverage

If you comply with NIST AI 600-1: Generative AI Profile, you already cover:

Saudi PDPL

25%

2 controls mapped

Compare →

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

25%

2 controls mapped

Compare →

South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics

25%

2 controls mapped

Compare →

+ 79 more: Florida Digital Bill of Rights (FDBR) (25%), NIST AI Risk Management Framework (AI RMF 1.0) (25%)

See all 82 mapped frameworks ↓

Maps to 82 other frameworks

8 total controls
Saudi PDPL
2 source controls mapped|6 target controls covered
25%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
2 source controls mapped|6 target controls covered
25%
South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics
2 source controls mapped|3 target controls covered
25%
Florida Digital Bill of Rights (FDBR)
2 source controls mapped|3 target controls covered
25%
NIST AI Risk Management Framework (AI RMF 1.0)
2 source controls mapped|5 target controls covered
25%
ISO/IEC 38500:2024 - Governance of IT
2 source controls mapped|1 target controls covered
25%
ISO 20400:2017 - Sustainable Procurement
1 source controls mapped|3 target controls covered
13%
BREEAM - Building Research Establishment Environmental Assessment Method
1 source controls mapped|4 target controls covered
13%
ISO 26000:2010
1 source controls mapped|3 target controls covered
13%
ISO 14001
1 source controls mapped|3 target controls covered
13%
IEC 60601-1 - Medical Electrical Equipment Safety
1 source controls mapped|1 target controls covered
13%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
1 source controls mapped|3 target controls covered
13%
Science Based Targets initiative (SBTi) Corporate Standard
1 source controls mapped|3 target controls covered
13%
ISO 37000:2021 - Governance of Organizations
1 source controls mapped|2 target controls covered
13%
Science Based Targets Initiative (SBTi) - Net-Zero Standard
1 source controls mapped|2 target controls covered
13%
Russia Federal Law on Personal Data (152-FZ)
1 source controls mapped|3 target controls covered
13%
NIST Privacy Framework
1 source controls mapped|1 target controls covered
13%
ISO/IEC 23894:2023
1 source controls mapped|1 target controls covered
13%
Senegal Law on Personal Data Protection (Law No. 2008-12)
1 source controls mapped|5 target controls covered
13%
Tunisia Organic Law on Personal Data Protection (Law No. 2004-63)
1 source controls mapped|3 target controls covered
13%
Switzerland FADP
1 source controls mapped|3 target controls covered
13%
Bahrain PDPL
1 source controls mapped|3 target controls covered
13%
Australian Privacy Principles (APPs)
1 source controls mapped|3 target controls covered
13%
Wisconsin Data Privacy Act (SB 670)
1 source controls mapped|6 target controls covered
13%
Tennessee Information Protection Act (TIPA)
1 source controls mapped|6 target controls covered
13%
Azerbaijan Law on Personal Data (2010)
1 source controls mapped|3 target controls covered
13%
South Korea Credit Information Act
1 source controls mapped|3 target controls covered
13%
Singapore Payment Services Act 2019 (PSA) - Digital Payment Token Provisions
1 source controls mapped|1 target controls covered
13%
Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD)
1 source controls mapped|3 target controls covered
13%
Poland Act on Personal Data Protection (Ustawa o ochronie danych osobowych, 2018)
1 source controls mapped|3 target controls covered
13%
ISO/IEC 29134:2023
1 source controls mapped|3 target controls covered
13%
ISO/IEC 27014:2020
1 source controls mapped|2 target controls covered
13%
Washington My Health My Data Act (MHMD)
1 source controls mapped|3 target controls covered
13%
Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
1 source controls mapped|3 target controls covered
13%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
1 source controls mapped|3 target controls covered
13%
Portugal Law No. 58/2019 - Data Protection Implementation Act
1 source controls mapped|5 target controls covered
13%
Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation)
1 source controls mapped|3 target controls covered
13%
Proposal for a Directive on improving working conditions in platform work (COM(2023) 491)
1 source controls mapped|3 target controls covered
13%
Uruguay Personal Data Protection Act (Law No. 18.331)
1 source controls mapped|3 target controls covered
13%
Peru Personal Data Protection Law (Law No. 29733)
1 source controls mapped|5 target controls covered
13%
Turkey Personal Data Protection Law (KVKK - Law No. 6698)
1 source controls mapped|5 target controls covered
13%
Uzbekistan Law on Personal Data (No. ZRU-547)
1 source controls mapped|3 target controls covered
13%
Panama Law on Personal Data Protection (Law No. 81 of 2019)
1 source controls mapped|2 target controls covered
13%
Oman Personal Data Protection Law (Royal Decree 6/2022)
1 source controls mapped|2 target controls covered
13%
Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016)
1 source controls mapped|1 target controls covered
13%
Rwanda Law No. 058/2021 Relating to the Protection of Personal Data
1 source controls mapped|8 target controls covered
13%
Ukraine Law on Personal Data Protection (Law No. 2297-VI)
1 source controls mapped|2 target controls covered
13%
Serbia Law on Personal Data Protection (2018)
1 source controls mapped|4 target controls covered
13%
Paraguay Law on Protection of Personal Data (Law No. 6534/2020)
1 source controls mapped|2 target controls covered
13%
Barbados Data Protection Act 2019
1 source controls mapped|3 target controls covered
13%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|3 target controls covered
13%
GDPR
1 source controls mapped|5 target controls covered
13%
Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023)
1 source controls mapped|3 target controls covered
13%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|2 target controls covered
13%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
1 source controls mapped|1 target controls covered
13%
APPI
1 source controls mapped|3 target controls covered
13%
South Korea ISMS-P
1 source controls mapped|3 target controls covered
13%
Privacy Act 1988 (Australia)
1 source controls mapped|3 target controls covered
13%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
1 source controls mapped|3 target controls covered
13%
Union Customs Code (UCC) - Regulation (EU) No 952/2013
1 source controls mapped|2 target controls covered
13%
Turkey KVKK
1 source controls mapped|3 target controls covered
13%
Notifiable Data Breaches Scheme (Australia)
1 source controls mapped|1 target controls covered
13%
ISO/IEC 29100:2024
1 source controls mapped|3 target controls covered
13%
TEFCA - Trusted Exchange Framework and Common Agreement
1 source controls mapped|1 target controls covered
13%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
13%
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)
1 source controls mapped|1 target controls covered
13%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|2 target controls covered
13%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
1 source controls mapped|2 target controls covered
13%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|1 target controls covered
13%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27400:2022
1 source controls mapped|2 target controls covered
13%
US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates
1 source controls mapped|1 target controls covered
13%
Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
1 source controls mapped|1 target controls covered
13%
ISO 27001:2022
1 source controls mapped|1 target controls covered
13%
Azure Security Benchmark
1 source controls mapped|1 target controls covered
13%
OWASP Top 10 for LLM Applications 2025
1 source controls mapped|1 target controls covered
13%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
1 source controls mapped|3 target controls covered
13%
New Jersey Data Privacy Act
1 source controls mapped|2 target controls covered
13%
South Korea PIPA
1 source controls mapped|1 target controls covered
13%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|1 target controls covered
13%
FTC GLBA Safeguards Rule (16 CFR Part 314)
1 source controls mapped|1 target controls covered
13%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
1 source controls mapped|3 target controls covered
13%
Compare NIST AI 600-1: Generative AI Profile with Saudi PDPL

Frequently Asked Questions

What is NIST AI 600-1: Generative AI Profile?

NIST AI 600-1: Generative AI Profile is a compliance framework from United States with 8 domains and 8 controls. NIST AI 600-1: Generative AI Profile is a companion resource to the NIST AI Risk Management Framework (AI RMF 1.0). It provides guidance for managing risks of generative AI systems, identifies 12 distinct risk categories, and maps recommended actions to the AI RMF functions: Govern, Map, Measure, and Manage. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does NIST AI 600-1: Generative AI Profile have?

NIST AI 600-1: Generative AI Profile has 8 controls organised across 8 domains. The largest domains are Content and Bias Risks (1 controls), GAI Risk Categories (1 controls), Governance (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does NIST AI 600-1: Generative AI Profile map to?

NIST AI 600-1: Generative AI Profile maps to 82 other compliance frameworks. The top mapping partners are Saudi PDPL (25% coverage), Vietnam Law on Cybersecurity (No. 24/2018/QH14) (25% coverage), South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics (25% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with NIST AI 600-1: Generative AI Profile compliance?

Start your NIST AI 600-1: Generative AI Profile compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST AI 600-1: Generative AI Profile requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required