Retrieval-Augmented Generation (RAG)

NIST AI RMF | OWASP RAG | AISVS C10 | NIST 800-53

Integrates external knowledge sources and retrieval mechanisms with generative models to enhance reasoning and output accuracy. (NIST: Data, Knowledge; OWASP: RAG; AISVS: C10)

Subcomponents
  • Retriever Module
    Fetches relevant documents or data from external sources.
  • Knowledge Connector
    Connects to databases, APIs, or vector stores for retrieval.
  • RAG Pipeline
    Orchestrates retrieval and generation steps for each query.
Security Implications
RAG systems are vulnerable to data poisoning, retrieval manipulation, and knowledge source compromise. Validate retrieved data and monitor connector integrity.
Implementation Considerations
Apply retrieval validation, source whitelisting, and output filtering. Monitor for anomalous retrieval patterns. Reference: OWASP RAG, AISVS C10.
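
One way to implement the retrieval validation, source allowlisting and retrieval-pattern monitoring named above, as an added example (not code from OWASP, AISVS or NIST). The hostnames, the ingestion-time digest manifest, the 50% share threshold and all sample data are assumptions constructed for illustration; output filtering is not covered.

```python
import hashlib
from collections import Counter
from urllib.parse import urlparse

ALLOWED_HOSTS = {"kb.example.internal", "docs.example.internal"}  # assumed allowlist

def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def validate_chunks(chunks, manifest):
    """Split retrieved chunks into accepted ones and (id, reason) rejections."""
    accepted, rejected = [], []
    for chunk in chunks:
        host = urlparse(chunk["source"]).hostname  # exact host match, not substring
        if host not in ALLOWED_HOSTS:
            rejected.append((chunk["id"], "source_not_allowlisted"))
        elif manifest.get(chunk["id"]) != digest(chunk["text"]):
            # Text differs from what was recorded at ingestion: possible poisoning.
            rejected.append((chunk["id"], "digest_mismatch"))
        else:
            accepted.append(chunk)
    return accepted, rejected

def overrepresented_chunks(retrieval_log, max_share=0.5, min_queries=4):
    """Flag chunk ids returned for more than max_share of logged queries."""
    if len(retrieval_log) < min_queries:
        return []
    hits = Counter(cid for ids in retrieval_log for cid in set(ids))
    return sorted(c for c, n in hits.items() if n / len(retrieval_log) > max_share)

# Constructed sample data (hypothetical documents and hosts).
MANIFEST = {
    "c1": digest("Reset passwords through the self-service portal."),
    "c2": digest("VPN access requires a managed device."),
}
RETRIEVED = [
    {"id": "c1", "source": "https://kb.example.internal/pw",
     "text": "Reset passwords through the self-service portal."},
    {"id": "c2", "source": "https://docs.example.internal/vpn",
     "text": "VPN access requires any device."},
    {"id": "c3", "source": "https://kb.example.internal.mirror.example/x",
     "text": "Unreviewed content."},
]
RETRIEVAL_LOG = [["c1", "c9"], ["c2", "c9"], ["c9"], ["c1", "c4"], ["c9", "c5"]]

if __name__ == "__main__":
    ok, bad = validate_chunks(RETRIEVED, MANIFEST)
    print([c["id"] for c in ok], bad, overrepresented_chunks(RETRIEVAL_LOG))
```

Only accepted chunks should be passed to the generation step; rejections and flagged chunk ids are what the monitoring side would alert on.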