The NIST AI Risk Management Framework, known as AI RMF 1.0, is voluntary guidance published in January 2023 for managing risks across the full artificial intelligence lifecycle. It helps organisations design, develop and deploy AI systems that are valid, safe, secure, accountable and fair, building what NIST describes as trustworthy AI.
What Is the NIST AI RMF and Why It Matters
NIST officially released AI RMF 1.0 on 26 January 2023 after extensive public workshops and draft consultations. The framework is sector-agnostic and use-case neutral, which means a hospital deploying a diagnostic model and a bank deploying a credit-scoring model can both apply the same underlying structure. Its central goal is to help teams identify, measure and reduce the risks that artificial intelligence introduces, from biased outputs to security failures, while still capturing the value these systems offer.
The framework is voluntary, so there is no certificate and no auditor signing off on compliance. That does not make it optional in practice. The AI RMF is heavily referenced in procurement, assurance and governance conversations, and many regulators and customers now expect to see it reflected in how an organisation manages AI. Treating it as a baseline of good practice is a sensible position for any team shipping AI into production.
A distinctive strength of the framework is that it covers the entire lifecycle, from initial design and data collection through development, deployment, operation and eventual retirement. Many AI failures happen not at launch but later, as data drifts, the world changes and a model that once performed well begins to degrade. By framing risk as a continuous concern rather than a one-time gate, the AI RMF pushes teams to keep watching their systems long after release.
The Four Core Functions: GOVERN, MAP, MEASURE, MANAGE
The heart of the AI RMF is a set of four functions that together form a continuous risk-management cycle. GOVERN is a cross-cutting function that underpins the other three, while MAP, MEASURE and MANAGE move from understanding context to acting on risk.
- GOVERN: cultivate a culture of AI risk management, set policies and processes, assign accountability and ensure oversight across the full AI lifecycle.
- MAP: establish the context, identify stakeholders and system boundaries, and surface the potential harms and benefits a given AI system can create.
- MEASURE: use quantitative, qualitative or mixed methods to analyse, benchmark and monitor AI risks and their impacts over time.
- MANAGE: allocate resources to the mapped and measured risks, respond to and recover from incidents, and communicate clearly about events.
GOVERN deserves special attention because it is the connective tissue. Without clear ownership, documented policies and board-level support, the technical work of mapping and measuring risk rarely translates into decisions that actually change how a system behaves.
The Seven Characteristics of Trustworthy AI
The AI RMF defines trustworthiness through seven characteristics. They are not abstract ideals; each one maps to concrete questions you can ask about a model before and after deployment.
- Valid and reliable: the system performs as intended across the conditions it will face.
- Safe: it does not endanger human life, health, property or the environment.
- Secure and resilient: it withstands adversarial attacks and recovers from disruption.
- Accountable and transparent: roles, decisions and data are documented and traceable.
- Explainable and interpretable: the reasons behind outputs can be understood by the people who rely on them.
- Privacy-enhanced: personal data is protected throughout the lifecycle.
- Fair with harmful bias managed: discriminatory outcomes are identified and mitigated.
The Generative AI Profile (NIST-AI-600-1)
Generative AI introduces risks that the core framework did not address in detail, so NIST published a dedicated companion profile. A profile is an implementation of the AI RMF functions, categories and subcategories for a specific setting, in this case generative systems. It does not replace AI RMF 1.0; instead it maps suggested actions back to GOVERN, MAP, MEASURE and MANAGE, so teams already using the framework can extend their existing practice rather than start again.
On 26 July 2024, NIST released NIST-AI-600-1, the Generative AI Profile, which extends the core framework with 12 risks unique to generative systems, including hallucination, data poisoning, prompt injection and over-reliance (NIST, 2024).
The profile was developed in part to fulfil obligations under Executive Order 14110 on safe, secure and trustworthy AI. For any organisation building chatbots, copilots or content tools, it is the most practical starting point because it names the failure modes that matter most for large language models and points to specific actions for each.
How to Operationalise the AI RMF
A framework only delivers value when it changes day-to-day behaviour. A workable sequence for putting the AI RMF into practice looks like this.
- Build an inventory of every AI system in use, including third-party and embedded models.
- Run a gap analysis against the four functions to see where governance, mapping, measurement or management is thin.
- Assign a named owner and a clear escalation path for each material AI risk.
- Define metrics and thresholds so risk can be measured rather than merely described.
- Use the Generative AI Profile to address language-model-specific risks where relevant.
- Review and update the programme as systems, regulations and threats change.
NIST also publishes an AI RMF Playbook with suggested actions, references and documentation tips for each subcategory. It is a useful library to draw from rather than a checklist to complete in full. The aim is not to implement every suggested action but to choose the ones that match the risk level, the use case and the resources available to your team.
Documentation is the thread that holds the whole effort together. Recording the decisions made under each function, the metrics chosen, the thresholds set and the people accountable turns the framework into evidence you can show to a customer, a regulator or an internal audit team. It also makes the programme repeatable as people move on and systems multiply, which is exactly where informal AI governance tends to break down.
How the AI RMF Relates to ISO/IEC 42001
The most common question we hear is whether the AI RMF competes with ISO/IEC 42001, the AI management system standard. It does not. The AI RMF is flexible, context-specific risk guidance that explains what to manage and why, while ISO 42001 provides a structured, certifiable management system that explains how to manage it. We compare the two in depth in our ISO 42001 versus NIST AI RMF guide, but the short version is that the strongest programmes use the AI RMF to inform the implementation of an ISO 42001 management system. NIST even publishes an official crosswalk that maps its functions to ISO 42001 clauses, which makes running both together far easier.
Start where you are. If you already run an ISO 27001 information security management system, much of the governance scaffolding the AI RMF expects is familiar territory. Add AI-specific mapping and measurement on top, lean on the Generative AI Profile for your language-model use cases, and you will have a defensible, evolving approach to trustworthy AI.