Skip to main content
NIST AI RMF Training

Configure NIST AI RMF training within Drata

Updated over a week ago

HERE'S WHY

Personnel should complete NIST AI RMF Training annually in order to satisfy specific requirements within the NIST AI RMF framework. You have the option to configure this training within Drata, a key step in addressing the associated controls.

BEFORE DIVING IN

Only Admins and Information Security Leads have access to this section within Drata.

HERE'S HOW

Drata provides multiple ways to manage NIST AI RMF training within the application. When NIST AI RMF is enabled for your account you’ll have a setting for Annual NIST AI RMF Training (AI awareness training section) on the Internal Security page. From here you can select one of four options:

  1. Embedded training with automatic evidence upload

  2. Internal training with manual evidence upload by employee

  3. External training with manual evidence upload by user with the Admin or Info Sec role

  4. Training opt-out if NIST AI RMF training is not required for personnel

Once you've selected an option using the radio button, save your changes.

EMBEDDED TRAINING

Drata has developed our own embedded NIST AI RMF Training. This enables personnel to complete the training directly in My Drata during onboarding and easily fulfill their annual requirement, thereafter.

When an employee or contractor completes their NIST AI RMF training, Drata will generate a certificate of completion. This PDF is automatically uploaded to Drata and can be viewed/downloaded from the personnel drawer and by personnel in My Drata.

INTERNAL TRAINING

If your organization uses another tool or conducts internal trainings, select the second radio button. You can optionally add a URL for the external NIST AI RMF training which will link personnel to the training directly from the My Drata onboarding.

Once training is complete, personnel will need to return to ‘My Drata > Complete NIST AI RMF Training’ and upload proof of completion—such as a screenshot or other file. Once uploaded, the file can be viewed/downloaded from the personnel drawer and by personnel in My Drata.

EXTERNAL TRAINING

If you wish to keep NIST AI RMF Training completely independent from Drata, you can select the third option which will exclude the ‘Complete NIST AI RMF Training’ step from personnel onboarding.

With this option, you'll need to manually upload a file directly in each personnel drawer by selecting the NIST AI RMF Training ‘View / Upload Evidence’ button.

TRAINING OPT-OUT

If NIST AI RMF training is not required for your personnel or organization, select the fourth option to opt out of training. When selected, there will be no references to NIST AI RMF training in Drata.

COMPLIANCE CONFIRMATION

Compliance is determined by the presence of evidence of NIST AI RMF Training—such as a certificate of completion, screenshot, or other file—for each current employee or contractor within your organization.

Navigate to the ‘Personnel’ page to see the status of NIST AI RMF Training compliance for all personnel under the AI Awareness Training column, or select a specific person to view their personnel details and view or upload evidence.


Did this answer your question?