41 Ways the AI RMF Playbook Disagrees With Itself
We audited the AI RMF Playbook JSON against the AI RMF Core HTML. 41 of 72 subcategories drift between the two NIST sources — 57% disagreement rate. One severity-3 semantic divergence narrows the obligated party scope at GOVERN 5.2. Nine severity-2 typos and capitalisation issues, including the well-known "Decision-makings" typo. 31 minor wording deltas. Every divergence has a remediation proposal with literal patch text.
The Setup
NIST publishes the AI Risk Management Framework in two forms. The Core is the HTML rendering at airc.nist.gov/airmf-resources/airmf/5-sec-core — this is what compliance citations point to. The Playbook is a structured JSON export at airc.nist.gov/docs/playbook.json — this is what tooling consumes.
They should agree. They do not.
While building the OSCAL conversion, we diffed every subcategory statement between the two sources. 41 of 72 controls drift. 57% disagreement rate.
Per-Function Breakdown
| Function | Drifts | Total | Rate |
|---|---|---|---|
| GOVERN | 9 | 19 | 47% |
| MAP | 11 | 18 | 61% |
| MEASURE | 14 | 22 | 64% |
| MANAGE | 7 | 13 | 54% |
MEASURE has the worst drift rate. GOVERN the lowest, but it contains the single severity-3 finding.
Severity 3: One Semantic Divergence
GOVERN 5.2 in the Core obligates "the team that developed or deployed AI systems." The Playbook substitutes "AI actors." This narrows the obligated party scope materially. An "AI actor" is a defined NIST role that includes downstream operators, third-party integrators, and end users. The Core wording is narrower and assigns responsibility to the specific team. A compliance audit citing the Playbook would land on a different obligated party than one citing the Core.
Our remediation proposal: adopt-core. Use Core wording verbatim in any artifact intended for compliance work.
Severity 2: Nine Findings
One famous typo, eight capitalisation issues:
- GOVERN 3.1 — "Decision-makings" (Playbook) vs "decision-making" (Core). Plural noun where the verb form is required.
- Seven capitalisation cases — Playbook capitalises "MAP function" / "MEASURE function" / "MANAGE function" where Core uses lowercase. This affects 12 controls when expanded by reference. Tracked as systemic finding S-1.
- GOVERN 4.3 — internal inconsistency where Playbook uses both "Trustworthy AI" and "trustworthy AI" in the same control statement.
These are not cosmetic. Schema-driven downstream tooling that string-matches function names will fail one source or the other.
Severity 1: Thirty-One Minor Wording Deltas
Whitespace, Oxford-comma drops, "and/or" vs "or", article changes ("the team" vs "a team"). Individually trivial. Collectively, 31 of these means roughly 43% of all controls disagree at the typographic level even before semantic review.
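One way to triage Core-versus-Playbook drift of the kinds listed above, as an added example (not the audit's own tooling): the statements are constructed samples, not NIST text, reusing only the phrases quoted in the findings, and the tier names are assumptions. The tiers only sort diffs for review; whether a wording change is a typo or a semantic divergence like GOVERN 5.2 stays a human call.

```python
import difflib
import re

# Constructed sample statements, NOT NIST text; only the quoted phrases
# ("Decision-makings", "AI actors", function-name casing) come from the findings.
CORE = {
    "GOVERN 3.1": "Teams document decision-making about AI risk.",
    "GOVERN 5.2": "Feedback reaches the team that developed or deployed AI systems.",
    "MAP 1.1": "Context is recorded, reviewed, and stored.",
    "MEASURE 2.1": "Results feed the measure function.",
    "MANAGE 1.1": "Risks are prioritised.",
}
PLAYBOOK = {
    "GOVERN 3.1": "Teams document Decision-makings about AI risk.",
    "GOVERN 5.2": "Feedback reaches AI actors.",
    "MAP 1.1": "Context is recorded, reviewed and stored.",
    "MEASURE 2.1": "Results feed the MEASURE function.",
    "MANAGE 1.1": "Risks are prioritised.",
}

def _words(text):
    # Drop sentence punctuation and collapse whitespace; hyphens and slashes stay,
    # so "third-party" vs "third party" and "and/or" vs "or" still register.
    return re.sub(r"[,.;:()]", " ", text).split()

def classify(core, playbook):
    """Return (tier, [(core_span, playbook_span), ...]) for one statement pair."""
    if core == playbook:
        return "match", []
    a, b = _words(core), _words(playbook)
    if a == b:
        return "punctuation", []
    la, lb = [w.lower() for w in a], [w.lower() for w in b]
    if la == lb:
        return "case-only", [(x, y) for x, y in zip(a, b) if x != y]
    ops = difflib.SequenceMatcher(a=la, b=lb, autojunk=False).get_opcodes()
    return "wording", [(" ".join(a[i1:i2]), " ".join(b[j1:j2]))
                       for tag, i1, i2, j1, j2 in ops if tag != "equal"]

def audit(core, playbook):
    """Classify every subcategory ID present in either source."""
    report = {}
    for sid in sorted(core.keys() | playbook.keys()):
        if sid not in core or sid not in playbook:
            report[sid] = ("missing", [])
        else:
            report[sid] = classify(core[sid], playbook[sid])
    return report

if __name__ == "__main__":
    for sid, (tier, spans) in audit(CORE, PLAYBOOK).items():
        print(f"{sid:12} {tier:12} {spans}")
```

The "case-only" tier is where tooling that string-matches function names breaks: the same statement passes against one source and fails against the other.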
Two Systemic Findings
S-1 — Function-name casing. Playbook treats GOVERN/MAP/MEASURE/MANAGE as proper nouns; Core uses sentence case inside running text. 12 controls affected. Remediation: adopt Core convention systemwide.
S-2 — Core-internal hyphenation. GOVERN 6.1 hyphenates "third-party" while MAP 4.1 uses "third party" in the same Core source. Not a Playbook divergence — Core disagrees with itself. Remediation: adopt-core-with-caveat, flag the inconsistency, await NIST guidance.
Why This Matters
If you cite the Playbook in audit artifacts and your auditor cites the Core, you have a control statement mismatch on more than half of NIST AI RMF subcategories. That is not a hypothetical risk — that is a documented 41-control gap as of v1.0.
Every divergence in our catalog has a remediation proposal with literal patch text. Pick your source, pick your patch, get on with the work.