Governance & guardrails
The NIST AI RMF, explained for people who have to apply it
The NIST AI RMF is the US reference for managing AI risk, and it usually lands on your desk as a sentence in a contract or a note from your board: "align with the NIST AI RMF." This page explains what it is and, more to the point, how a normal company actually stands it up.
What the NIST AI RMF is
NIST is the US National Institute of Standards and Technology, and Congress directed it to build this through the National AI Initiative Act of 2020. It published AI RMF 1.0 on 26 January 2023, after about 18 months of open development with more than 240 contributing organizations. The goal was plain: give organizations a repeatable way to identify, measure, and manage the risks AI introduces, so they can show how they handle those risks instead of just listing their models.
Two things about it matter before anything else. It is voluntary, so nobody is fined for ignoring it. And it is not a certification, so there is no audit and no certificate at the end; you self-attest that you follow it. Its force comes from adoption. US federal guidance references it, insurers and enterprise buyers ask for it, and it has become the vocabulary American companies use to talk about AI risk. Search demand for it is up 142 percent year on year, which tracks with how often it now shows up in contracts.
The four functions
The heart of the framework is the Core, and the Core is four functions. Three of them (Map, Measure, Manage) run as a loop over a system's life; the fourth, Govern, sits underneath all of them as the culture and accountability everything else depends on. Each function breaks down into categories and subcategories, but you can hold the whole thing in your head with four questions.
| Function | What it is for | The question it answers |
|---|---|---|
| Govern | Sets the risk culture, policies, roles, and accountability the other three run inside. It cuts across all of them; it is not a stage you finish. | Who is accountable, what is our policy, and who signs off on a high-risk use case? |
| Map | Establishes context. Inventory every AI system, who it affects, and where it can fail, before you try to measure anything. | What AI are we actually running, for whom, and where could it go wrong? |
| Measure | Assesses, analyzes, and tracks the risks you mapped, using quantitative and qualitative methods (evaluation, bias testing, drift and adversarial monitoring). | How bad is each risk, and how do we know it stays under control? |
| Manage | Prioritizes and acts: mitigate, monitor in production, respond to incidents and drift, and feed the lessons back into Govern. | What do we do about it, and what happens when something breaks? |
The order is deliberate but not rigid. In practice you set up Govern and do a first pass at Map early, because you cannot measure or manage risk in systems you have not inventoried. The most common failure is skipping Map: teams build measurement dashboards that look thorough while missing the shadow AI tool a department signed up for on a credit card.
The seven trustworthiness characteristics
Underneath the functions, the RMF names the properties that make an AI system trustworthy. They are what Measure is measuring toward:
- valid and reliable
- safe
- secure and resilient
- accountable and transparent
- explainable and interpretable
- privacy-enhanced
- fair, with harmful bias managed
They pull against each other, which is the honest part. A more explainable model may be less accurate; tighter privacy can make monitoring harder. The framework does not resolve those tradeoffs for you; it asks you to make them on purpose and write down why.
Profiles: how you make it fit
A profile is how you turn the general framework into something specific to you. There are two kinds worth knowing. A use-case profile is a version of the functions and categories tailored to a setting, so a hospital and a bank apply the same framework very differently. NIST's own Generative AI Profile (NIST AI 600-1), published July 2024, is exactly this: it extends the Core with twelve GenAI-specific risks like hallucination, prompt injection, and data poisoning. A current-versus-target profile documents where your risk management is today against where you want it, which turns the framework into a roadmap. You can adopt an existing profile or write your own; most companies start from the GenAI Profile because that is what they are actually deploying.
Who it is for
Realistically, the person reading this is a compliance, security, risk, or legal lead who has been told to align with the RMF and does not have a machine-learning team to hand it to. The framework was written to be usable at that level. NIST positions it as flexible enough for a startup and rigorous enough to support an audit conversation, and it explicitly applies whether you build models yourself or, far more commonly, buy them from vendors. If your AI is Copilot, a few SaaS features, and a chatbot, the RMF still applies; you are just governing tools you did not build, which is its own kind of work.
How to actually apply it
Adoption is incremental, not a project with an end date. A realistic sequence for a medium-to-large company:
- Stand up Govern and inventory (Map) first. Name an owner, write a short AI policy, and list every AI system, vendor, and dataset. This alone puts most companies ahead of where they were, and it is the step teams most often skip.
- Tier the inventory by risk. Not every system needs the same scrutiny. A customer-facing model that affects a decision about a person needs far more than an internal drafting tool. Match the effort to the stakes.
- Overlay it on what you already run. If you have ISO 27001, SOC 2, or the NIST Cybersecurity Framework, map those controls to Govern and Manage first, then add AI-specific evidence (model cards, evaluations, drift monitoring) only where Map and Measure demand something new.
- Measure and manage the high-risk systems. Put evaluation, human oversight, and incident response on the systems that earned it in step two, and monitor them in production. Document the deferrals: which subcategories you are not doing yet, why, and what compensates.
- Pick or write a profile and iterate. Use the GenAI Profile or your own to make the target explicit, then revisit it. The framework is a loop, and NIST itself is still revising it.
That last point is the honest caveat. AI RMF 1.0 is being revised, a Critical Infrastructure profile concept note landed in April 2026, and more guidance is expected. Whatever you build, budget for re-reading the source a couple of times a year. This is a living baseline, not a one-time compliance push.
Where it fits with ISO 42001 and the EU AI Act
The RMF is one of three names that usually arrive together. The short version: the NIST AI RMF gives you a method, ISO/IEC 42001 gives you a certificate, and the EU AI Act gives you a legal deadline. They were built to interoperate, so you build controls once and map them to whichever regimes you answer to. We wrote the full side-by-side, capability by capability, in our AI compliance framework crosswalk, and the wider picture is on our AI governance hub.
What it does not give you
No certificate, no checklist you can pass, and no relief from any law. The RMF makes you better at reasoning about AI risk and better at showing your work; it does not, by itself, discover a shadow model, write your logging, or classify a system against the EU AI Act. Those are the doing, and the doing is where most programs stall. If you would rather have the framework applied to your actual systems than read about it, that is the fixed-scope AI risk assessment, and the standing version is AI governance consulting.
One line of hygiene: this page is general information, not legal advice. For obligations that apply to your specific systems, talk to counsel.
Questions people ask
- Is the NIST AI RMF mandatory?
- No. NIST states the framework is intended for voluntary use, and there is no NIST certification for it. It still matters in practice because US enterprises, insurers, and federal guidance treat it as the default reference, and contracts increasingly ask vendors to align with it.
- When was the NIST AI RMF released?
- AI RMF 1.0 was published on 26 January 2023, developed over about 18 months with more than 240 contributing organizations. The Generative AI Profile (NIST AI 600-1) followed on 26 July 2024, and NIST notes the 1.0 is now being revised.
- Does the NIST AI RMF have controls or a checklist?
- Not in the ISO or SOC 2 sense. The Core is organized as functions, categories, and subcategories that describe outcomes to aim for, not pass or fail controls. The companion AI RMF Playbook suggests concrete actions for each subcategory, which is the closest thing to a checklist NIST publishes.
- Is there a NIST AI RMF certification?
- No. NIST certifies no one against the AI RMF; you self-attest that you have adopted it. Training providers sell personal certificates in using the framework, but those are credentials for individuals, not certification of your organization. If you need third-party proof of an AI management system, that is what ISO/IEC 42001 is for.
- What is the difference between the NIST AI RMF and the NIST Cybersecurity Framework?
- The Cybersecurity Framework covers security risk across your infrastructure, networks, and data. The AI RMF covers risks specific to AI systems: harmful bias, model drift, unsafe outputs, explainability, and AI supply-chain risk. Many companies run the CSF as their security baseline and treat the AI RMF as an overlay for the AI-specific parts.
- How does the NIST AI RMF relate to ISO 42001 and the EU AI Act?
- They overlap heavily by design. NIST publishes an official crosswalk to ISO/IEC 42001, and adopting the RMF or ISO 42001 covers roughly 60 to 70 percent of the EU AI Act's management-system and risk-governance requirements. We mapped all three side by side, capability by capability, in our AI compliance framework crosswalk.
Tell us about the work.
A few lines is enough. We read every enquiry ourselves and reply within one business day.