Compliance

From Framework to Floor: Using NIST AI RMF and MITRE ATLAS in Practice

Promptention Team
May 19, 2026
7 min read

Table of Contents

NIST AI RMF tells you how to govern AI risk; MITRE ATLAS tells you how AI systems actually get attacked. One is the management system, the other is the threat library. Used together, they turn "we take AI security seriously" into something you can audit.

Two reference works come up constantly in serious AI security conversations, and they are routinely confused or treated as interchangeable. They are not. The NIST AI Risk Management Framework and MITRE ATLAS answer different questions, and their real power is in how they fit together. One gives you a way to govern AI risk; the other gives you a concrete catalog of how AI systems are actually attacked. Governance without a threat library is vague; a threat library without governance is a pile of techniques no one owns. Put them together and "we take AI security seriously" becomes something you can show an auditor.

NIST AI RMF: the management system

The NIST AI Risk Management Framework (AI RMF 1.0, with a Generative AI Profile that extends it to GenAI-specific concerns) is a voluntary framework for managing the risks of AI systems across their lifecycle. It is deliberately not a checklist of controls. It is a way of organising the work, built around four functions:

  • Govern — establish the culture, policies, accountability, and oversight for AI risk. This is the function that makes the other three stick.
  • Map — understand the context: what the system does, where it is deployed, who it affects, and what could go wrong.
  • Measure — assess and track the risks you mapped, using appropriate methods and metrics.
  • Manage — act on what you measured: prioritise, mitigate, monitor, and respond.

The value of AI RMF is that it forces the boring questions that prevent incidents: Who owns this risk? How do we know it is being managed? What is our evidence? For an LLM deployment heading toward regulatory scrutiny, this structure maps cleanly onto what regulations like the EU AI Act expect, risk management, oversight, documentation, monitoring, which is why aligning to AI RMF is a practical head start on compliance, not a parallel exercise.

MITRE ATLAS: the threat library

Where AI RMF tells you how to manage risk, MITRE ATLAS tells you what the risks look like when an adversary shows up. ATLAS, the Adversarial Threat Landscape for Artificial-Intelligence Systems, is a knowledge base of real-world tactics and techniques used against AI systems, structured like the ATT&CK framework that security teams already know. It catalogs how attackers reconnoiter, gain access, manipulate models, evade defenses, and exfiltrate, against machine-learning systems specifically.

ATLAS is what turns "measure your risks" from an abstraction into a concrete exercise. Instead of imagining what might go wrong, you have a structured library of what has gone wrong, prompt injection, model evasion, data poisoning, model theft, and more, each with described techniques. Your red team can test against it; your detection can be mapped to it; your coverage gaps become visible against a shared vocabulary.

How they fit together

The two are complementary by design, and the cleanest way to see it is to run them as a loop.

AI RMF functionWhat MITRE ATLAS contributes
GovernShared threat vocabulary so risk ownership is concrete, not hand-wavy
MapA real catalog of AI attack techniques to map your exposure against
MeasureSpecific techniques to test for and measure coverage against
ManageKnown mitigations and a way to track which techniques you have addressed

You use AI RMF to decide that you will manage risk and who is accountable. You use ATLAS to know which risks are real and how they manifest. AI RMF without ATLAS tends to produce earnest documentation that does not connect to any actual attack. ATLAS without AI RMF produces a security team that knows the threats but has no governance forcing the organisation to act on them. Together, they are a management system wired to a threat model.

Turning frameworks into a floor

A framework is only worth the controls it produces. The trap is treating alignment as a paperwork exercise: a binder that says "aligned to NIST AI RMF" with no detection, no testing, no monitoring underneath it. The frameworks are the floor plan; the controls are the building. For an LLM or agentic system, that means concrete capabilities, input-layer detection for the injection techniques ATLAS catalogs, red teaming against current adversarial methods, logging that supports the Measure and Manage functions, and monitoring that closes the loop. The frameworks tell you what good looks like. They do not build it for you.

Frequently asked questions

Are these mandatory? Both are voluntary, but they are widely treated as authoritative, and aligning to them maps directly onto obligations that are mandatory in regimes like the EU AI Act. Voluntary frameworks are often the most practical route to demonstrable compliance.

Do I need both? For anything beyond a toy deployment, yes. AI RMF gives you the governance; ATLAS gives you the threat realism. Each covers a gap the other leaves open.

How does this connect to OWASP's lists? OWASP's Top 10 lists for LLM and agentic applications are excellent, specific risk catalogs that sit comfortably alongside ATLAS as part of your "what are the threats" picture, governed by AI RMF as your "how do we manage them" structure. They reinforce rather than compete.

Where Promptention fits

Our threat coverage is mapped to MITRE ATLAS and the OWASP Top 10 lists, and our risk governance is aligned to the NIST AI Risk Management Framework, by design, because we built the product to be the floor those frameworks describe. The detection, red teaming, logging, and monitoring that AI RMF asks you to put in place, and that ATLAS gives you the threat list for, are what we provide. Frameworks become a floor when there are real controls under them. That is the part we handle.

Promptention maps threat coverage to MITRE ATLAS and the OWASP Top 10, with governance aligned to the NIST AI Risk Management Framework.

Further reading: NIST AI Risk Management Framework (AI RMF 1.0) and Generative AI Profile; MITRE ATLAS; OWASP Top 10 for LLM and Agentic Applications.

Written byPromptention Team

Promptention is an enterprise AI security company. We help teams ship LLM and AI-agent applications safely — with guardrails, red teaming, and model scanning built for production.

Back to all articles

Keep reading

The EU AI Act in 2026: What Actually Applies, and WhenFeatured
complianceJune 20, 2026

The EU AI Act in 2026: What Actually Applies, and When

The EU AI Act becomes fully applicable on 2 August 2026, but a 2025-2026 simplification package has shifted some of the hardest deadlines. Here is a clear, current map of what is in force now, what moved, and what it means for anyone deploying LLMs.

Read More →8 min read
Two Rulebooks, One Pipeline: KVKK and the EU AI Act for AI Deployments
complianceJune 18, 2026

Two Rulebooks, One Pipeline: KVKK and the EU AI Act for AI Deployments

Companies operating across Turkey and the EU answer to two regimes at once: KVKK for personal data and the EU AI Act for AI systems. They overlap more than they conflict. Here is how to build one pipeline that satisfies both instead of two that fight each other.

Read More →7 min read
Building an AI Governance Framework That Isn't Just PaperworkFeatured
complianceMay 16, 2026

Building an AI Governance Framework That Isn't Just Paperwork

Most AI governance is a binder nobody reads. We lay out how to build a framework that actually changes what happens in production, who owns risk, how it is measured, and how policy becomes enforced control.

Read More →7 min read