NIST AI Risk Management Framework, Explained
The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary, sector-agnostic guide published by the U.S. National Institute of Standards and Technology in January 2023. It helps organizations identify, assess, and reduce risks across the lifecycle of artificial intelligence systems through four functions: Govern, Map, Measure, and Manage. It is not a regulation and carries no legal mandate.
The framework pairs those four functions with a set of seven characteristics that define what makes an AI system trustworthy. Because it is voluntary, organizations adopt it to improve practice and to demonstrate diligence rather than to satisfy a statute. The sections below explain what the framework contains, how the functions operate, how it relates to other standards, and how to run a first adoption cycle.
What is the NIST AI Risk Management Framework?
NIST developed the AI RMF under a directive in the National Artificial Intelligence Initiative Act of 2020. The agency ran an open, multi-stakeholder process across roughly 18 months, drawing input from industry, academia, civil society, and government before releasing version 1.0.
The framework treats AI risk as the combination of the probability of an event and the magnitude of its consequence, including consequences for individuals, groups, organizations, and society. That broad scope is deliberate. A model can perform well on aggregate accuracy and still cause harm to a specific population, degrade over time, or behave in ways that no one can explain to a regulator or a customer.
Three documents make up the practical toolkit:
The Core, which contains the four functions and their categories and subcategories of outcomes.
The AI RMF Playbook, an online companion with suggested actions, references, and documentation for each subcategory.
Profiles, which describe how the framework applies to a specific use case, sector, or organizational context.
NIST positions the framework as rights-preserving, non-prescriptive, and adaptable. It does not tell you which fairness metric to use or what accuracy threshold to accept. It tells you to decide those things deliberately, document the decision, and assign someone accountable for it.
Who should use it
The AI RMF is written for anyone in the AI value chain. That includes organizations that design and build systems, those that deploy and operate them, and those that acquire AI from vendors. NIST groups these actors into categories such as AI designers, developers, deployers, and third-party evaluators, and the framework expects responsibilities to be distributed and traced across them.
What are the seven characteristics of trustworthy AI?
NIST defines trustworthiness as a property an AI system earns by exhibiting a set of characteristics together. No single one is sufficient on its own, and they often conflict, which forces explicit tradeoff decisions.
Valid and reliable: The system performs as intended across expected operating conditions and degrades predictably under stress.
Safe: The system does not create conditions that endanger human life, health, property, or the environment.
Secure and resilient: The system withstands adversarial attacks (such as data poisoning and model evasion) and recovers effectively from disruptions.
Accountable and transparent: Information about the system is available to the people who need it, with clear ownership and assigned responsibilities.
Explainable and interpretable: The system's outputs and the reasoning behind them can be understood by the appropriate stakeholders.
Privacy-enhanced: The system protects autonomy, identity, and personal data through practices such as data minimization.
Fair, with harmful bias managed: The system promotes fairness and equity while identifying and mitigating systemic, computational, and human-cognitive sources of harmful bias.
A common failure is to optimize for one characteristic and ignore the cost to another. Pushing accuracy through a larger, more opaque model can reduce explainability. Tightening privacy through aggressive data minimization can reduce reliability for underrepresented groups. The framework asks teams to identify these tensions early rather than discover them in production.
How do the four core functions work?
The Core organizes work into four functions. Govern runs continuously and contains the other three. Map, Measure, and Manage form a repeating cycle that runs throughout the system lifecycle.
Govern
Govern establishes the culture, policies, and accountability structures that make risk management possible. It covers legal and regulatory requirements, risk tolerance, roles and responsibilities, workforce diversity and competency, and oversight of third-party and supply-chain risk. Without a working Govern process, the other three functions produce documentation that no one acts on.
Concrete Govern artifacts include a written AI risk management policy, a defined risk tolerance statement, an inventory of AI systems in use, and a named accountable owner for each system.
Map
Map builds the context needed to frame risk. The team records the system's intended purpose, its deployment setting, the categories of people it affects, expected benefits, and potential negative impacts. Map is where you decide whether the AI system should be built at all, and the framework explicitly allows the decision not to deploy.
Measure
Measure applies quantitative and qualitative methods to analyze and track the risks identified in Map. This function covers test, evaluation, verification, and validation. It includes measuring trustworthiness characteristics, examining performance across demographic groups, monitoring for drift, and tracking residual risk that cannot be eliminated.
Manage
Manage allocates resources to the risks that Measure surfaced. It involves prioritizing risks against the organization's tolerance, deciding which to treat, transfer, avoid, or accept, planning response and recovery, and communicating with affected parties. Manage then feeds its outcomes back into Govern and Map so the next cycle starts with better information.
For a deeper treatment of how these functions translate into an operating model, see our guide to building a practical AI risk management framework.
How do you implement the NIST AI RMF step by step?
The framework is not a checklist you complete once. Below is a sequence many organizations follow for a first adoption cycle.
1. Secure executive sponsorship and define risk tolerance. Document how much risk the organization will accept, for which use cases, and who signs off. This is a Govern activity, and everything downstream depends on it.
2. Inventory your AI systems. List every model and AI-enabled feature in production and in development, including vendor-supplied capabilities. Many organizations discover systems no one had registered.
3. Assign accountable owners. Each system gets a named person responsible for its risk posture, not a committee.
4. Run Map for each high-priority system. Record purpose, affected populations, expected benefits, and foreseeable harms. Decide explicitly whether to proceed.
5. Define metrics and run Measure. Choose how you will test validity, bias, security, and explainability, then evaluate against those metrics with documented results.
6. Prioritize and treat risks under Manage. Rank risks against tolerance, decide treatment for each, and document residual risk that remains after controls.
7. Build a Profile. Capture your context-specific application of the framework so the next team has a documented starting point.
8. Monitor and repeat. Re-run Map, Measure, and Manage on a defined cadence and whenever the system, data, or context changes materially.
A realistic first cycle for a single significant system runs over several weeks. Trying to apply the full framework to every system at once tends to stall, so most teams start with the systems that carry the highest potential for harm.
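As an added illustration, not code from NIST, the AI RMF Playbook, or this article, the Python below runs the Measure and Manage steps of the sequence above (and the Measure function described earlier) against a documented risk tolerance. Everything in it is constructed for the example: the tolerance thresholds, the demographic group labels, the Map-time baseline accuracy, the evaluation records, the owner placeholder, and the treatment choices. It shows the point the framework makes about aggregate metrics: the overall accuracy figure hides a large gap between groups, and each finding leaves the cycle with a named treatment, a residual-risk status, and an accountable owner.

```python
"""Measure and Manage applied to constructed evaluation data.

Added example, not code from NIST or the AI RMF Playbook. The tolerance
numbers, group labels, baseline, owner and records below are constructed
assumptions for illustration only.
"""
from collections import defaultdict

# Constructed risk tolerance statement (a Govern artifact in the framework's
# terms). The thresholds are illustrative assumptions, not NIST-recommended values.
RISK_TOLERANCE = {
    "validity": 0.85,      # minimum acceptable overall accuracy
    "harmful_bias": 0.10,  # maximum accuracy gap between best and worst group
    "drift": 0.05,         # maximum accuracy drop against the Map-time baseline
}
BASELINE_ACCURACY = 0.80                     # constructed accuracy recorded at Map time
ACCOUNTABLE_OWNER = "owner@example.invalid"  # constructed placeholder, not a real address

# Constructed evaluation records: (demographic group, true label, predicted label).
EVAL_RECORDS = [
    ("group_a", 1, 1), ("group_a", 0, 0), ("group_a", 1, 1), ("group_a", 0, 0),
    ("group_a", 1, 1), ("group_a", 0, 1), ("group_a", 1, 1), ("group_a", 0, 0),
    ("group_b", 1, 0), ("group_b", 0, 0), ("group_b", 1, 0), ("group_b", 0, 0),
    ("group_b", 1, 1), ("group_b", 0, 1), ("group_b", 1, 0), ("group_b", 0, 0),
]

# Constructed Manage decisions: one of treat / transfer / avoid / accept per risk.
TREATMENTS = {"harmful_bias": "treat", "validity": "treat", "drift": "accept"}


def accuracy_by_group(records):
    """Measure: accuracy per group and overall, so a disparity is visible
    instead of being averaged away inside a single aggregate score."""
    counts = defaultdict(lambda: [0, 0])  # group -> [correct, seen]
    for group, y_true, y_pred in records:
        counts[group][1] += 1
        counts[group][0] += int(y_true == y_pred)
    per_group = {g: c / n for g, (c, n) in counts.items()}
    correct = sum(c for c, _ in counts.values())
    seen = sum(n for _, n in counts.values())
    return per_group, (correct / seen if seen else 0.0)


def measure(records, baseline, tolerance):
    """Measure: test each tracked characteristic against the documented tolerance.
    A finding records how far the observation exceeds what the organization accepts."""
    per_group, overall = accuracy_by_group(records)
    gap = max(per_group.values()) - min(per_group.values())
    drift_drop = baseline - overall
    observations = {
        "validity": (overall, tolerance["validity"] - overall),   # shortfall below the floor
        "harmful_bias": (gap, gap - tolerance["harmful_bias"]),  # gap above the ceiling
        "drift": (drift_drop, drift_drop - tolerance["drift"]),  # drop above the ceiling
    }
    findings = [
        {"risk": name, "observed": round(obs, 4), "excess": round(exc, 4)}
        for name, (obs, exc) in observations.items() if exc > 0
    ]
    return {"per_group": per_group, "overall": overall, "findings": findings}


def manage(measurement, treatments, owner):
    """Manage: rank findings by how far they exceed tolerance, apply the chosen
    treatment, and record residual risk with a named accountable owner."""
    ranked = sorted(measurement["findings"], key=lambda f: f["excess"], reverse=True)
    decisions = []
    for finding in ranked:
        treatment = treatments.get(finding["risk"], "accept")
        if treatment == "accept":
            status = "accepted_residual"  # risk stays as measured, signed off by the owner
        elif treatment == "avoid":
            status = "not_deployed"       # the framework allows the decision not to deploy
        else:
            status = "pending_remeasure"  # treated or transferred; re-run Measure next cycle
        decisions.append({**finding, "treatment": treatment, "status": status, "owner": owner})
    return decisions


def run_cycle():
    """One Measure -> Manage pass over the constructed data."""
    measurement = measure(EVAL_RECORDS, BASELINE_ACCURACY, RISK_TOLERANCE)
    return measurement, manage(measurement, TREATMENTS, ACCOUNTABLE_OWNER)


if __name__ == "__main__":
    result, decisions = run_cycle()
    print("accuracy by group:", result["per_group"], "overall:", result["overall"])
    for d in decisions:
        print(f'{d["risk"]}: observed={d["observed"]} excess={d["excess"]} '
              f'-> {d["treatment"]} ({d["status"]}, owner {d["owner"]})')
```

On the constructed records the overall accuracy is 0.6875, but group_a scores 0.875 and group_b 0.5, so the harmful-bias finding ranks first, ahead of the validity shortfall and the drift against baseline. The accepted drift finding is the residual risk the Manage step documents; the two treated findings carry a pending status until the next Measure run, which is how the cycle feeds back into the following iteration.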
How does the NIST AI RMF relate to the Generative AI Profile?
In July 2024 NIST published NIST-AI-600-1, the Generative AI Profile, a companion to the AI RMF that addresses risks specific to generative systems. It identifies twelve risks that are unique to or amplified by generative AI, including confabulation (often called hallucination), the generation of dangerous or violent content, data privacy leakage, harmful bias, information integrity problems, and the lowered barrier to producing chemical, biological, radiological, and nuclear information.
The Generative AI Profile maps each risk to suggested actions organized under the same four functions. If you already run the AI RMF, the profile integrates with your existing Govern, Map, Measure, and Manage processes rather than replacing them. Organizations deploying large language models or image generators should read the profile alongside the base framework.
How does the AI RMF fit with other standards?
The AI RMF was designed to align with other major instruments rather than compete against them. Understanding the division of labor helps you avoid duplicate work.
NIST AI RMF 1.0 (voluntary U.S. AI risk management framework): provides guidance for AI risk identification and management practices.
ISO/IEC 42001 (certifiable AI management system standard): establishes an auditable AI management system, similar in structure to ISO/IEC 27001.
EU AI Act (binding regulation): defines legal obligations based on AI risk tiers across the European Union.
OECD AI Principles (intergovernmental AI principles): provide shared values and guidance that inform many national AI policies.
A few distinctions matter:
ISO/IEC 42001 gives you a certifiable AI management system. The AI RMF gives you the risk-analysis substance that an ISO 42001 system needs to govern. Many organizations run both, using NIST for the technical depth and ISO for the auditable structure.
The EU AI Act sorts systems into four tiers: unacceptable (prohibited), high (strict obligations), limited (transparency duties), and minimal (largely unregulated). The AI RMF is voluntary and carries no penalties, but the diligence it produces, including inventories, impact assessments, and measurement records, corresponds closely to the documentation that high-risk obligations require.
The OECD AI Principles set the values, including human-centered design and accountability, that several of these instruments share. NIST drew on them, which is part of why the frameworks align rather than contradict.
NIST has also published a crosswalk showing how AI RMF subcategories correspond to other standards and frameworks, which reduces the effort of mapping one set of controls onto another.
What does the AI RMF not do?
Being precise about the limits prevents misuse.
It is voluntary and confers no certification on its own. You cannot be certified to the AI RMF the way you can to ISO/IEC 42001.
It is non-prescriptive. It will not tell you which fairness definition or accuracy threshold to use. That choice, and its justification, belongs to your organization.
It does not replace legal compliance. Meeting the framework does not by itself satisfy the EU AI Act, sector regulation, or privacy law.
It is not static. NIST maintains and extends it, as the Generative AI Profile shows, so adoption is an ongoing commitment rather than a one-time project.
Next Steps
Use this checklist to start a defensible AI RMF adoption:
Write a one-page AI risk tolerance statement and have an executive sign it.
Build a complete inventory of AI systems, including vendor and embedded models.
Assign a named accountable owner to every system on the inventory.
Pick one high-impact system and run a full Map cycle, documenting affected populations and foreseeable harms.
Define your Measure metrics for validity, bias, security, and explainability before testing begins.
Record residual risk and treatment decisions under Manage for that first system.
Pull the Generative AI Profile (NIST-AI-600-1) for any system using generative models and add its actions to your four functions.
Draft a Profile capturing your context so the approach is reusable.
Set a review cadence, for example quarterly, and a trigger list for off-cycle reviews.
Frequently Asked Questions
Is the NIST AI Risk Management Framework mandatory?
No. The AI RMF is voluntary and carries no legal force of its own. Organizations adopt it to improve practice and to demonstrate diligence. It can support compliance with binding rules such as the EU AI Act because the inventories, impact assessments, and measurement records it produces align with what those rules require, but meeting the framework does not by itself satisfy any law.
What are the four functions of the NIST AI RMF?
The four functions are Govern, Map, Measure, and Manage. Govern sets the policies, accountability, and culture and runs continuously across the others. Map establishes context and frames potential harms. Measure analyzes and tracks risk using quantitative and qualitative methods. Manage prioritizes risks against the organization's tolerance and decides how to treat them. Map, Measure, and Manage repeat throughout the system lifecycle.
How is the AI RMF different from ISO/IEC 42001?
ISO/IEC 42001 is a certifiable management system standard that defines the structure of an auditable AI management system. The NIST AI RMF is a voluntary framework that supplies the risk-analysis substance such a system needs. You can be certified to ISO/IEC 42001 but not to the AI RMF. Many organizations run both, using NIST for technical depth and ISO for auditable structure.
Does the AI RMF cover generative AI?
Yes, through a dedicated companion. In July 2024 NIST published the Generative AI Profile (NIST-AI-600-1), which identifies twelve risks specific to or amplified by generative systems, including confabulation, data leakage, and information integrity problems. It maps suggested actions to the same four functions, so it integrates with an existing AI RMF program rather than replacing it.
How long does it take to implement the NIST AI RMF?
There is no fixed timeline because the framework scales to your context. A first full cycle for a single high-priority system typically runs over several weeks, covering governance setup, inventory, mapping, measurement, and management decisions. Applying it across an entire portfolio is an ongoing program rather than a finite project, since Map, Measure, and Manage repeat whenever a system, its data, or its context changes.