NIST AI RMF

the american version of "please govern your AI" but voluntarily and without penalties, which is why everyone cites it and nobody implements it.

"we mapped all four NIST AI RMF functions to our org chart in a workshop. govern, map, measure, manage. then we went back to shipping models with no evaluation pipeline."
"our compliance team cited the NIST AI RMF in a board presentation. the board asked if we follow it. we said 'we're aligned with its principles.' nobody asked what that means and we're grateful."
"the generative AI profile added 200+ risks. i printed the crosswalk table and it's longer than our actual risk register. we are not ready."
Share this one
Canonical Definition

U.S. National Institute of Standards and Technology AI Risk Management Framework (AI 100-1), published January 2023. Organises AI risk management into four core functions: Govern (establish culture and structure), Map (contextualise and identify risks), Measure (assess and analyse risks), and Manage (prioritise and act on risks). The Generative AI Profile (AI 600-1), published July 2024, extends the framework with over 200 risks specific to large language models and generative AI systems. Voluntary, cross-sectoral, and designed to complement rather than replace sector-specific regulations.

Why It Matters

The NIST AI RMF is the most widely cited AI risk framework in the United States and, arguably, globally. Its four-function structure — Govern, Map, Measure, Manage — provides a common vocabulary for AI risk conversations across boardrooms, engineering teams, and regulatory bodies. When organisations say they “do AI risk management,” the RMF is what they are usually pointing at.

The framework’s power is also its limitation. It is voluntary. There are no certification bodies, no compliance audits, no penalties for non-adoption. Executive Order 14110 (October 2023) directed federal agencies to use the framework, which created real procurement-driven adoption pressure. But for private-sector organisations, the RMF remains a suggestion — a well-structured, well-researched suggestion that too many organisations reference in slide decks and ignore in practice.

The Generative AI Profile (AI 600-1) materially changed the framework’s relevance. By mapping over 200 LLM-specific risks to the existing GOVERN, MAP, MEASURE, and MANAGE functions, it provided the first government-backed risk taxonomy for generative AI. Organisations that had been struggling to articulate LLM risks to their boards suddenly had an authoritative reference. The Profile did not solve governance. It solved the vocabulary problem.

The Stress Test

Your organisation deploys a customer-facing generative AI assistant. A journalist asks your CEO how the company manages AI risk. The CEO cites the NIST AI RMF. The journalist asks three follow-up questions: Which of the four functions have you operationalised? What does your MAP function produce as output? How does your MEASURE function quantify hallucination risk?

Your CEO cannot answer any of them. The framework was cited in a strategy document eighteen months ago. No team was assigned to implement it. No risk categories were mapped to your actual AI systems. The framework exists in your governance narrative but not in your governance operations. The gap between citation and implementation is the story the journalist writes.

In the Wild

Executive Order — U.S. Federal Government, 2023
EO 14110 and the Procurement Signal

Executive Order 14110, signed October 2023, directed federal agencies to adopt the NIST AI RMF for managing AI risks in government systems. This turned a voluntary framework into a de facto procurement requirement: vendors selling AI to the U.S. government needed to demonstrate alignment with the RMF’s functions. The downstream effect was immediate — major technology companies began mapping their AI governance practices to the RMF’s structure, not because they were legally required to, but because their largest customer was.

When the buyer is the federal government, voluntary becomes mandatory through the purchase order.

Generative AI Profile — NIST AI 600-1, 2024
200+ Risks That Changed the Conversation

The Generative AI Profile identified risks across twelve categories including confabulation, data privacy, environmental impact, information security, and value chain complexity. Each risk was mapped to the RMF’s existing subcategories with suggested actions. For the first time, organisations had a government-endorsed taxonomy that named specific LLM risks — not abstract principles but concrete failure modes like “CBRN Information” and “Homogenization.”

The Profile turned the framework from a governance philosophy into a risk checklist. That specificity is what organisations needed and what principles-based documents cannot provide.

Cross-Border Mapping — Global Enterprises, 2024–2025
The Crosswalk Problem

Multinational organisations faced a practical challenge: mapping the NIST AI RMF to the EU AI Act, ISO/IEC 42001, and sector-specific regulations simultaneously. The RMF’s GOVERN function overlapped with but did not match ISO 42001’s leadership requirements. The MAP function addressed risk identification but used different categories than the EU AI Act’s risk classification system. Organisations discovered that “aligned with NIST” and “compliant with the AI Act” were different claims requiring different evidence.

Frameworks are not interchangeable. Crosswalk tables are where governance teams discover exactly how many gaps they actually have.

How to Govern It

A framework you cite but do not implement is a liability document, not a governance document.

Within the AI Control Index, NIST AI RMF governance maps to:

  • GRC (S1) — The RMF’s GOVERN function maps directly to the GRC shield. Policy frameworks, risk appetite statements, accountability structures, and the evidence artifacts that prove governance is operational, not aspirational.
  • Strategy (L1) — The RMF’s MAP function — understanding context, stakeholders, and risk categories — is strategic governance. It determines which risks matter to your organisation, not which risks exist in the abstract.
  • Observability (S4) — The MEASURE function requires quantification. That means runtime monitoring, evaluation pipelines, drift detection, and metrics that answer “how much risk do we have right now?” — not “how much risk did we estimate at deployment?”
  • Applications & Agents (L4) — The MANAGE function operationalises risk treatment at the system level. Circuit breakers, escalation paths, human-in-the-loop triggers, and the decision architecture that determines what happens when a risk materialises.
  • Security (S2) — The Generative AI Profile’s information security risks map to the Security shield, including prompt injection, data poisoning, and model extraction threats catalogued in the OWASP LLM Top 10.

When It's Relevant

Any organisation developing, deploying, or procuring AI systems — especially those operating in or selling to the U.S. market. The NIST AI RMF is particularly relevant when:

  • You sell AI products or services to the U.S. federal government and need to demonstrate RMF alignment
  • You need a common vocabulary for AI risk conversations across technical and non-technical stakeholders
  • You deploy generative AI and need a structured risk taxonomy (the AI 600-1 Profile)
  • You operate across jurisdictions and need to build crosswalks between U.S. and EU governance frameworks
  • Your board or audit committee has asked for an AI risk assessment and you need a credible framework to structure it

See this control in the framework. NIST AI RMF governance is operationalised across S1, L1, S4, L4, and S2 in the AI Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] NIST (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, U.S. Department of Commerce. NIST AI 100-1. Available at: nist.gov/artificial-intelligence.
  2. [2] NIST (2024) Artificial Intelligence Risk Management Framework: Generative AI Profile (AI 600-1). National Institute of Standards and Technology, U.S. Department of Commerce. Available at: airc.nist.gov/Docs/1.
  3. [3] The White House (2023) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. Executive Order 14110, 30 October 2023.
  4. [4] ISO/IEC (2023) ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system. International Organization for Standardization.
  5. [5] Tabassi, E. (2023) ‘AI Risk Management Framework: NIST AI 100-1’, in Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society. doi: 10.1145/3600211.3604752.
  6. [6] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union.
  7. [7] Raji, I.D., Smart, A., White, R.N., Mitchell, M., Gebru, T., Hutchinson, B., Smith-Loud, J., Theron, D. and Barnes, P. (2020) ‘Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing’, Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAT*), pp. 33–44.

AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens