NIST AI RMF: What It Is, What It Requires, and How to Use It
The NIST AI Risk Management Framework (AI RMF 1.0) is the U.S. benchmark for trustworthy AI. This guide covers all four core functions, the GenAI profile, and practical steps for GRC teams implementing it in 2026.
The NIST AI RMF — formally, the Artificial Intelligence Risk Management Framework (AI RMF 1.0) ↗ — is the U.S. government’s primary voluntary standard for identifying, assessing, and managing AI-related risk. Published by the National Institute of Standards and Technology on January 26, 2023, it has since become the dominant reference framework in federal agency AI governance requirements, state AI legislation, and enterprise GRC programs. If your organization builds, deploys, or procures AI systems in the U.S. market, understanding the NIST AI RMF is no longer optional context — it shapes what auditors, regulators, and procurement officers expect.
This is a working reference for compliance leads, AI product teams, and GRC practitioners who need to understand what the framework actually says, not a summary of summaries.
The four core functions: GOVERN, MAP, MEASURE, MANAGE
The AI RMF organizes AI risk management around four functions. NIST is explicit that these are not sequential phases — an organization does not complete GOVERN before starting MAP. They operate in parallel throughout the AI lifecycle, with different teams carrying different functions depending on their role.
GOVERN is the cross-cutting function that informs all others. It covers organizational culture, accountability structures, policies, and workforce competency. In practice: Who owns AI risk? What authority does that person have? What training exists? What procurement and vendor oversight processes apply? The GOVERN function answers those questions. Without it, MAP, MEASURE, and MANAGE lack organizational anchoring — they become audits performed in a vacuum.
MAP establishes context before a risk can be measured. It requires identifying the intended use of the AI system, the affected stakeholders, the applicable legal and normative requirements, and the potential failure modes. It is the function most commonly skimped on for legacy systems. Organizations tend to run MAP during development and then treat it as complete. The framework treats MAP as continuous — a deployed system operating in a changed regulatory or social context may have risks the original MAP exercise did not address.
MEASURE applies quantitative and qualitative tools to evaluate the risks and trustworthy characteristics identified in MAP. This includes testing before deployment and ongoing evaluation in production. The MEASURE function explicitly covers 13 categories of trustworthy AI characteristics: accuracy, reliability, interpretability, safety, security, resilience, explainability, privacy, fairness, accountability, transparency, and others. Organizations need to match their measurement approaches to the harms their MAP function identified — a bias evaluation that covers only demographic proxies while missing intersectional effects is a MEASURE gap, not a MEASURE completion.
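The intersectional gap described above is easy to miss because each attribute can look balanced on its own while a specific subgroup is not. The following is an added example, not code from NIST or from the framework, showing a minimal MEASURE-style check: it computes selection rates per single attribute and per intersection of attributes, then applies the four-fifths disparate-impact heuristic (lowest rate divided by highest, flagged below 0.8) to each. The decision log, the attribute names `attr_a` and `attr_b`, and the 0.8 threshold are constructed assumptions for illustration; the counts are chosen so that both single-attribute checks pass while the intersection fails.

```python
from collections import defaultdict


def build_sample():
    """Constructed decision log: each record is one applicant with two
    protected-attribute proxies (attr_a, attr_b) and the model's decision.
    Counts are chosen so each attribute alone looks balanced while one
    intersectional subgroup is selected at half the rate of another."""
    spec = {
        ("a0", "b0"): (8, 20),   # (selected, total)
        ("a0", "b1"): (12, 20),
        ("a1", "b0"): (12, 20),
        ("a1", "b1"): (6, 20),
    }
    rows = []
    for (a, b), (selected, total) in spec.items():
        rows += [{"attr_a": a, "attr_b": b, "selected": i < selected}
                 for i in range(total)]
    return rows


def selection_rates(rows, keys):
    """Selection rate per group; a group is the tuple of values of `keys`."""
    tallies = defaultdict(lambda: [0, 0])  # group -> [selected, total]
    for r in rows:
        group = tuple(r[k] for k in keys)
        tallies[group][0] += int(r["selected"])
        tallies[group][1] += 1
    return {g: sel / tot for g, (sel, tot) in tallies.items()}


def disparate_impact_ratio(rates):
    """Lowest selection rate divided by highest (four-fifths rule heuristic).
    1.0 means parity; below 0.8 is the conventional red flag."""
    if not rates:
        return 1.0
    high = max(rates.values())
    return 1.0 if high == 0 else min(rates.values()) / high


def evaluate(rows, attrs, threshold=0.8):
    """Run the single-attribute checks, then the full intersection of attrs.
    Returns one entry per check with rates, ratio and pass/fail."""
    report = {}
    for attr in attrs:
        rates = selection_rates(rows, (attr,))
        ratio = disparate_impact_ratio(rates)
        report[attr] = {"rates": rates, "ratio": ratio, "passes": ratio >= threshold}
    rates = selection_rates(rows, tuple(attrs))
    ratio = disparate_impact_ratio(rates)
    report["intersection"] = {"rates": rates, "ratio": ratio, "passes": ratio >= threshold}
    return report


if __name__ == "__main__":
    for name, result in evaluate(build_sample(), ["attr_a", "attr_b"]).items():
        flag = "ok" if result["passes"] else "GAP"
        print(f"{name:12s} ratio={result['ratio']:.2f} {flag}")
```

On the constructed data both `attr_a` and `attr_b` come out at a ratio of 0.90 and pass, while the intersection reports 0.50 and fails, because the (a1, b1) subgroup is selected at 0.3 against 0.6 for the best-served subgroup. A MEASURE plan that stops at the per-attribute rows would record this system as fair; the intersection row is the artifact that closes the gap the paragraph describes.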
MANAGE allocates resources to respond to identified and measured risks. It covers prioritization, treatment strategy (mitigate, transfer, avoid, or accept), post-deployment monitoring, incident response, and documentation. A key distinction: MANAGE is not just about preventing risk before deployment. It includes ongoing monitoring of systems already in production and structured incident response when something goes wrong. Teams building AI observability and monitoring infrastructure are operationalizing the MANAGE function — for complementary guidance on what continuous model monitoring looks like in practice, mlmonitoring.report ↗ covers drift detection, alerting, and data quality approaches in depth.
The GenAI Profile: NIST AI 600-1
On July 26, 2024, NIST published NIST AI 600-1 ↗, a profile of the AI RMF specifically targeting generative AI risks. It was developed pursuant to Executive Order 14110 on Safe, Secure, and Trustworthy AI.
The GenAI Profile keeps the four-function structure but adds subcategory guidance mapped to twelve risk categories unique to generative systems:
- Confabulation (hallucination and fabrication)
- Data privacy — training data memorization and inference
- Dangerous or violent recommendations
- Environmental harms — energy and resource consumption
- Harmful bias and homogenization
- Human-AI configuration — over-reliance, deception
- Information integrity — synthetic media, disinformation
- Information security — adversarial prompting, data poisoning
- Intellectual property
- Obscene, degrading, or abusive content
- Toxicity
- Value chain and component integration
For any organization deploying an LLM-based product — customer service chatbots, code generation tools, document summarization, content generation — the 600-1 profile is the operative document. The base AI RMF 1.0 remains the foundation; 600-1 is the overlay. Teams working on guardrails and content filtering to address these categories can find tool comparisons and implementation approaches at guardml.io ↗.
How the AI RMF connects to mandatory requirements
The AI RMF is a voluntary framework. NIST was explicit about this, and the document itself cautions against treating it as a checklist. That said, voluntary status does not mean optional in practice.
Federal agencies face quasi-mandatory application through OMB Memorandum M-24-10 (March 2024), which directed agencies to apply risk management practices to AI systems impacting rights or safety and referenced the AI RMF as the governing resource. Organizations that hold federal contracts face procurement language that increasingly requires demonstrated AI risk management aligned with the framework.
State-level laws in Colorado, California, and Texas reference or invoke the NIST AI RMF either directly or through language that maps to its functions. The better-drafted provisions specify which documentation artifacts are required; the weaker ones say “consistent with NIST guidance” without further specificity, which creates an obligation that is practically unenforceable.
The EU AI Act is a separate legal instrument — it has mandatory requirements and conformity assessment obligations the AI RMF does not. The two are increasingly mapped to each other by compliance teams, but organizations subject to the EU AI Act cannot treat AI RMF alignment as equivalent. The NIST AI RMF is a risk management methodology; the EU AI Act is a product liability and market-access regime.
Using the RMF Playbook and AIRC
The NIST AI Resource Center Playbook ↗ is the operational companion to the framework document. For each function, category, and subcategory, the Playbook provides suggested actions, documentation examples, and references to external standards. It is searchable by function and is updated as NIST releases new profiles and supplementary guidance.
Organizations beginning an AI RMF implementation typically use the Playbook to:
- Identify which categories apply to their specific AI deployment context
- Develop internal procedures for MAP-function context documentation
- Select metrics for the MEASURE function that match identified risk categories
- Build MANAGE-function incident response procedures
One common pattern among organizations new to the framework: they start with GOVERN — writing policies — and then stall before MAP and MEASURE become operational. The policy exists; the risk documentation does not. The Playbook’s suggested actions for MAP and MEASURE are specific enough to drive actual deliverables rather than abstract commitments.
What a GRC team should do this quarter
If your organization has adopted the AI RMF nominally but has not run MAP-function assessments on deployed systems, that is the gap most likely to surface in any external review. The MAP function requires documented analysis of each AI system’s context, intended use, affected populations, and potential harms — not once during development, but as an ongoing practice.
For systems already in production, a practical starting point: catalog every AI system in active use, identify who is affected by its outputs, and document the top three failure modes for each. That exercise produces the MAP function inputs that all downstream MEASURE and MANAGE work depends on. It is also the artifact that regulators, auditors, and enterprise procurement teams most commonly request when they ask to see AI risk management evidence.
Sources
- NIST AI Risk Management Framework 1.0 (NIST AI 100-1) ↗ — primary framework document; four-function structure in Section 2.2, trustworthy AI characteristics in Section 2.1.
- NIST AI Risk Management Framework — Main Page ↗ — official NIST landing page with links to profiles, supplementary materials, and the April 2026 Critical Infrastructure concept note.
- NIST AI 600-1: Generative AI Profile ↗ — the 2024 GenAI-specific profile; twelve risk categories mapped to all four RMF functions.
- NIST AI Resource Center — RMF Playbook ↗ — operational companion with suggested actions and documentation guidance for each subcategory.