Procurement workflow surface
NIST AI Risk Management Framework — vendor disclosure form
This is a sample disclosure form a procurement team can adapt for vendor RFPs and ITTs evaluating systems against NIST AI Risk Management Framework. The provision-specific questions below were derived from the catalog's coverage cells; before issuing, a qualified procurement lawyer should review the adapted version against your jurisdiction's contract law. This form is NOT legal advice (see charter §7.4).
1. Vendor identification
2. AI system identification
3. Provision-specific questions
- Foundation Models / GPAI. Does the offered system meet the threshold for a general-purpose / foundation model under NIST AI Risk Management Framework (GenAI Profile (NIST AI 600-1, 2024))? If yes, identify the specific obligations you will satisfy and the evidence you will provide.
(Cite: GenAI Profile (NIST AI 600-1, 2024))
- Transparency Obligations. Provide the documentation required under the transparency obligations of NIST AI Risk Management Framework (Trustworthy characteristics 5 (transparency) + 6 (explainability)) — including (as applicable) model card, system card, training-data summary, evaluation results, and known limitations.
(Cite: Trustworthy characteristics 5 (transparency) + 6 (explainability))
4. Documentation enclosures expected
Tick each enclosure attached to the vendor response. Missing enclosures should be explained in the “Variances” field below.
- Transparency documentation (per-instrument schema)
- Content provenance + watermarking technical description
- Vendor company registration + insurance certificates
- Sub-processor / supply-chain list (including model upstream)
5. Vendor attestation
The undersigned, on behalf of the vendor, attests that the disclosures above are true and complete to the best of their knowledge at the date signed, and undertakes to notify the buyer in writing within 30 days of any material change to those disclosures.
This is a sample form derived from the catalog at /wiki/nist-ai-rmf. Adapt before issuing. Not legal advice; not jurisdiction-specific. See charter §7.4.