MetincTrust
All sample reports
Marcus BellAI-generated
NIST AI RMF Readiness Report

Marcus Bell

VP Engineering · ApexHire
HR tech & recruiting
Actor role
developer, deployer
Risk tier
high
Confidence
100 · High
Lifecycle
production

As a developer, deployer on a high-risk production, your self-attested readiness is "Needs remediation" (59/100). You are strongest in govern — organizational ai risk governance; the most material gap is in measure — tevv, metrics & trustworthiness evaluation. A foundational gap currently caps your score at 59.

Report saved

Your results are available through this secure link.

Full report · 40 pages

This is the free report. The full report is a 40-page comprehensive deep-dive — function-by-function gap matrix, control-level findings and a 30/60/90-day roadmap.

Executive summary
Readiness score
59/ 100
Needs remediation
Function average
60raw

Confidence adjusts 6060, then caps bind at 59.

Confidence
100High

Reflects how complete and consistent your profile and current-state answers are. It never raises readiness.

Foundational caps
1binding

Foundational gaps that cap the score and cannot be averaged away. See findings below.

What this assessment indicates

As a developer, deployer on a high-risk production, your self-attested readiness is "Needs remediation" (59/100). You are strongest in govern — organizational ai risk governance; the most material gap is in measure — tevv, metrics & trustworthiness evaluation. A foundational gap currently caps your score at 59.

Strongest function
Govern — organizational AI risk governance
Primary gap
Measure — TEVV, metrics & trustworthiness evaluation
Immediate focus
Test GAI vulnerabilities: prompt injection, extraction, poisoning

Foundational gap findings

  • Production AI with no incident response/communication process (MG13=No) — caps the score at 59.

Function performance

Score out of 100 · target 70
Govern — organizational AI risk governance
72.3
Map — context, intended purpose & impact profile
65.7
Manage — risk treatment, monitoring & improvement
53.8
Measure — TEVV, metrics & trustworthiness evaluation
47.7
0–24 Critical25–49 At risk50–74 Moderate75–100 Strong

Trustworthiness overlay

A secondary view of how your implemented controls map to NIST’s seven trustworthiness characteristics. It does not double-count into the four function scores.

Valid & Reliable
49.5
Safe
65.1
Secure & Resilient
24
Accountable & Transparent
75.7
Explainable & Interpretable
52.5
Privacy-Enhanced
59.1
Fair with Harmful Bias Managed
60

Top strengths

  • Does the system handle malicious or illegal requests such as manipulation, extortion, cyber-attacks or weapons creation? MS-2.6-006
  • Is human review required before consequential outcomes are finalized? Human oversight
  • Can affected people seek explanation, correction, appeal or escalation where appropriate? MEASURE 3.3 / MANAGE 4.1

Top gaps

  • Are GAI vulnerabilities such as prompt injection, model extraction and data poisoning tested? MS-2.7-007
  • Are indirect prompt-injection and data-exfiltration risks tested? MEASURE security
  • Does the organization determine the needed level of AI risk management based on risk tolerance and context? GOVERN 1.3
  • Does a go/no-go decision process determine whether development or deployment should proceed? MANAGE 1.1
  • Are AI risks prioritized based on impact, likelihood, resources and available methods? MANAGE 1.2

Prioritized remediation roadmap

  1. P0
    Test GAI vulnerabilities: prompt injection, extraction, poisoning
    MS-2.7-007Owner: SecurityBefore launch/continued use / 0–30 days
  2. P0
    Test indirect prompt-injection and data-exfiltration risks
    MEASURE securityOwner: SecurityBefore launch/continued use / 0–30 days
  3. P0
    Create AI incident, error, appeal and recovery procedures
    MANAGE 4.3Owner: Ops / SecurityBefore launch/continued use / 0–30 days

Turn these findings into a remediation plan

Unlock the 40-page detailed report for a function-by-function gap matrix and a 30/60/90-day roadmap, or request a verified review with evidence and analyst input.

This is an informational, self-attested readiness result — not a NIST endorsement, certification, audit, conformity assessment, or proof that an AI system is safe, fair, valid or trustworthy. No documents or evidence were reviewed. Foundational caps prevent a strong area from hiding a missing foundation; the confidence score reflects how complete and consistent your answers are, not whether controls truly exist.