What is the NIST AI Risk Management Framework?
The NIST AI Risk Management Framework (AI RMF) is a voluntary US framework for managing risks in AI systems. Released in 2023, it is organized around four functions — Govern, Map, Measure and Manage — that help organizations build trustworthy AI throughout its lifecycle.
Overview
The NIST AI RMF is a voluntary framework from the US National Institute of Standards and Technology for managing AI risk and building trustworthy AI.
The four core functions
- Govern — cultivate a culture of risk management; policies, accountability and oversight.
- Map — establish context and identify risks for a given AI system.
- Measure — analyze and track risks using quantitative and qualitative methods.
- Manage — prioritize and act on risks, allocating resources accordingly.
Characteristics of trustworthy AI
NIST defines trustworthy AI as valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed.
How it fits
The AI RMF is not law, but it is a widely adopted reference. It complements ISO/IEC 42001 and supports EU AI Act readiness.