
NIST AI Risk Management Framework


The NIST AI Risk Management Framework (AI RMF 1.0) is the US voluntary framework for managing AI risks, published by the National Institute of Standards and Technology in January 2023. The framework was developed through a multi-stakeholder process under Congressional direction in the National AI Initiative Act of 2020. It is voluntary but has become operationally significant through federal adoption requirements, procurement references, executive branch alignment, and substantial private sector engagement.

The framework pairs with the other major horizontal AI frameworks covered separately. EU AI Act Conformity Assessment addresses the binding EU regulatory framework. ISO/IEC 42001 addresses the certifiable international management system standard. NIST AI RMF addresses the US-side voluntary risk management framework. Together, the three frameworks form the major horizontal AI compliance landscape that operators worldwide engage with. This page covers NIST AI RMF specifically, including its structure, supporting materials, federal adoption, sector application, and operator implementation.


What Makes NIST AI RMF Distinctive

NIST AI RMF has methodological and institutional properties that distinguish it from the other major horizontal AI frameworks.

The framework is voluntary by design. NIST publications generally are not regulatory mandates; the institute develops standards and guidance that operators may adopt voluntarily. The voluntary nature shapes how the framework operates: through adoption rather than enforcement, through alignment rather than compliance, through influence rather than authority.

The framework is risk-focused. The four core functions all address dimensions of risk management. This structure differs from management system standards such as ISO/IEC 42001, which address broader organizational practice, and from regulatory frameworks such as the EU AI Act, which combine a risk-based approach with binding obligations.

The framework was developed through a multi-stakeholder process. The Congressional direction required NIST to develop the framework through engagement with diverse stakeholders including industry, civil society, academia, and government. The development process shaped the framework's content and supports its broad legitimacy.

The framework is technology-agnostic. The structure applies to AI applications across sectors, technologies, and deployment contexts. Specific applications may require additional sector-specific work, but the framework foundation is broadly applicable.

The framework has substantial supporting infrastructure. The AI RMF Playbook provides operational guidance; Profiles provide application-specific adaptations; Crosswalks support integration with other frameworks. The supporting materials extend the framework's operational utility.

The framework operates within broader NIST AI work. NIST publications including SP 1270 on bias in AI, the work of the AI Safety Institute, and various technical publications together form the broader NIST contribution to AI practice.


The Four Core Functions

NIST AI RMF is structured around four core functions that organize AI risk management practice. The functions are not sequential phases but interrelated practices that operate together.

Function: Govern
Purpose: Cultivate a culture of risk management throughout the organization and across the AI lifecycle
Key practices: Policies and procedures, accountability structures, workforce development, third-party engagement, transparency, ongoing oversight

Function: Map
Purpose: Establish context for the AI system and identify risks within that context
Key practices: Context identification, intended use definition, capabilities and limitations specification, impact assessment on individuals and society, risk identification

Function: Measure
Purpose: Analyze, assess, benchmark, and monitor AI risks and related impacts
Key practices: Risk analysis methodology, evaluation approaches, performance metrics, ongoing monitoring, tracking effectiveness of risk responses

Function: Manage
Purpose: Prioritize identified risks and act on them based on analysis and measurement
Key practices: Risk prioritization, treatment selection, resource allocation, response implementation, continuous improvement

The functions are designed to be implemented iteratively rather than as a one-time activity. Risk management is an ongoing practice that the framework structures; the framework does not prescribe specific practices.

Govern is foundational because it establishes the organizational infrastructure that the other functions depend on. Without governance commitment, risk management practice operates without authority or sustainability. The function addresses culture, accountability, and the broader organizational dimension of risk management.

Map establishes what the organization is actually managing risks for. The function addresses the specific AI system, the deployment context, the intended use, and the affected parties. Without Map, subsequent risk analysis operates on an unclear scope.

Measure provides the analytical infrastructure for risk management. The function addresses how risks are assessed, what metrics support evaluation, and how effectiveness is tracked over time. Without Measure, risk management operates without analytical foundation.

Manage addresses what the organization actually does about identified and measured risks. The function addresses prioritization, treatment selection, resource allocation, and response implementation. Without Manage, the prior functions produce documentation without operational consequence.


Supporting Materials

NIST has developed substantial supporting materials that extend AI RMF operational utility beyond the core framework document.

The AI RMF Playbook provides detailed guidance on implementing the framework. The Playbook addresses each subcategory within the four functions with specific actions, suggested implementation approaches, and references to other resources. The Playbook supports operators in translating framework concepts into operational practice.

Profiles provide application-specific adaptations of the framework. NIST has published Profiles for specific contexts, including the Generative AI Profile (NIST AI 600-1), which addresses risks specific to generative AI. Additional profiles continue to be developed for specific applications, sectors, and use cases.

Crosswalks support integration with other frameworks. NIST has published crosswalks between AI RMF and related frameworks including ISO/IEC standards, the EU AI Act, and other risk management frameworks. The crosswalks help operators leverage existing compliance infrastructure for AI RMF implementation.

The AI RMF Knowledge Base provides ongoing reference material developing alongside the framework. The knowledge base includes case studies, technical guidance, and broader resources supporting framework application.

Further NIST AI publications, including the AI 100 series, SP 1270 on bias, and IR 8312 on explainable AI, address specific technical dimensions that combine with the AI RMF to produce comprehensive AI guidance.

The supporting materials continue to develop. The framework operates as an evolving resource rather than a fixed document, with ongoing NIST work expanding the supporting infrastructure.


The Generative AI Profile

NIST released the AI RMF Generative AI Profile (NIST AI 600-1) in July 2024. The profile addresses risks specific to generative AI that the general AI RMF treats only at the framework level. It represents one of the most substantive NIST extensions of the core framework.

The profile identifies specific risks associated with generative AI including CBRN information risks, confabulation and accuracy concerns, dangerous or violent recommendations, data privacy, environmental impacts, harmful bias and homogenization, human-AI configuration, information integrity, information security, intellectual property, obscene, degrading, and sexual content, value chain and component integration, and additional categories.

The profile maps each risk category to specific AI RMF subcategories and provides suggested actions for addressing the risks. The mapping supports operators in applying the core framework to generative AI contexts with specific guidance rather than only generic risk management methodology.

The profile addresses both technical and operational dimensions. Technical considerations include evaluation methodology, monitoring infrastructure, and specific safety measures. Operational considerations include documentation, transparency, human oversight, and broader organizational practice.

The profile has been substantively adopted by operators of generative AI. Major AI vendors have referenced the profile in their safety publications; operators deploying generative AI have engaged the profile in their risk management practice; the profile influences broader practice through its specific guidance on generative AI risks.

Development of the profile continues. Additional NIST work on generative AI continues to extend the framework alongside the rapidly developing technology and deployment landscape.


Federal Adoption Patterns

Federal adoption of the AI RMF has produced substantial operational consequence despite the framework's voluntary nature.

OMB Memorandum M-24-10, issued in March 2024, established requirements for federal agencies to manage AI risks. The memorandum references the AI RMF as a foundational framework and requires agency practice consistent with the AI RMF approach. The memorandum applies to federal civilian agencies, with subsequent guidance applying to defense and intelligence community contexts.

Executive Order 14110 on safe, secure, and trustworthy AI, issued by the Biden administration in October 2023, specifically directed NIST work on AI safety, including further AI RMF development. The executive order produced substantial federal infrastructure for AI risk management that the AI RMF supports.

Federal procurement increasingly references AI RMF compliance. Federal agencies procuring AI products and services may require AI RMF-aligned practice from vendors. The procurement pressure produces operational pressure for vendors regardless of the formally voluntary nature of the framework.

Federal agency adoption varies. Some agencies have substantially integrated AI RMF into their AI governance; others have engaged with it more narrowly. The variance reflects agency-specific factors including AI deployment scale, mission considerations, and broader agency culture around risk management.

State and local government adoption has been developing. Various state agencies have referenced AI RMF in their AI work; the pattern is uneven but expanding. The framework provides a foundation that subnational governments adapt to their contexts.

The 2025 administration change has produced policy adjustments to federal AI governance. EO 14110 was rescinded, and subsequent federal AI policy continues to evolve. The specific status of AI RMF within federal policy continues to develop alongside broader administration priorities. The framework's substantive content remains operationally significant even as the formal policy framework evolves.


The AI Safety Institute Connection

The NIST AI Safety Institute (AISI) operates within NIST and conducts AI safety work that intersects with the broader AI RMF.

The institute was established in 2023 following Executive Order 14110 and conducts pre-deployment evaluation of frontier AI models, develops safety methodology, and coordinates internationally on AI safety. The institute's work supports the broader AI RMF by providing evaluation infrastructure and methodology that operators can engage with.

The institute has partnership arrangements with major AI vendors including Anthropic, OpenAI, and others that provide pre-deployment access to frontier models. The arrangements support institute evaluation of models before broad release.

The Memorandum of Understanding between the US AISI and UK AISI establishes formal coordination between the two institutes. The arrangement supports joint evaluation work, shared methodology, and a coordinated approach to frontier model safety. Similar arrangements with additional national AI Safety Institutes continue to develop.

The institute's publications, including evaluation methodologies, safety findings, and technical guidance, combine with the AI RMF to produce a comprehensive NIST contribution to AI safety practice. The institute's work continues to develop alongside the broader AI RMF.

The 2025 administration changes have produced uncertainty about the institute's specific status and future. The institute's substantive work continues to operate while the broader policy context evolves. The infrastructure built through the institute work remains operationally significant for AI safety practice.


International Influence

Despite being US-specific, the AI RMF influences international practice through several channels.

Bilateral coordination through specific arrangements, including the US-UK AISI MoU, US-EU TTC work, and other bilateral channels, brings the AI RMF approach into international discussion. The bilateral channels have been particularly productive for substantive coordination.

OECD work on AI policy engages with the AI RMF approach. The OECD AI Principles and the broader OECD AI work include considerations consistent with AI RMF framing. The OECD's substantial international influence extends the AI RMF approach beyond US borders.

G7 AI policy work, including the Hiroshima AI Process, engages with frameworks consistent with the AI RMF approach. The international coordination work extends framework influence through political coordination among major economies.

Industry adoption by AI vendors operating internationally extends framework influence. Major AI vendors implementing AI RMF for US operations often extend the practice globally given the cost of differentiated practice across jurisdictions. The pattern produces de facto international influence through operator practice.

Academic engagement with the AI RMF extends through the international research community. The framework has been substantively engaged in academic AI policy work globally, influencing both academic discussion and policy development in multiple jurisdictions.

The aggregate international influence operates without formal international legal status. The framework's substantive content shapes practice internationally through alignment, adoption, and reference rather than through binding obligation.


Relationship to Other Frameworks

The AI RMF operates alongside several other major frameworks that organizations engage simultaneously.

The EU AI Act addresses AI through binding regional regulation. The detailed treatment appears in EU AI Act Conformity Assessment. AI RMF and EU AI Act compliance can be pursued together, with the NIST framework supporting the risk management practice that the EU framework requires. NIST has published Crosswalk material supporting the integration.

ISO/IEC 42001 addresses AI management systems through a certifiable international standard. The detailed treatment appears in ISO/IEC 42001. AI RMF and ISO/IEC 42001 address overlapping territory through different methodological approaches; organizations may engage both with substantial leverage across frameworks.

Sector-specific frameworks including FDA medical AI guidance, CFPB consumer financial AI guidance, EEOC employment AI guidance, and equivalent sector frameworks operate alongside AI RMF. The sector frameworks address sector-specific requirements within the broader AI RMF framework.

UL 4600 addresses autonomous product safety. The detailed treatment appears in UL 4600. AI RMF and UL 4600 address different scopes but combine in autonomous vehicle and similar applications.

NIST cybersecurity frameworks including the Cybersecurity Framework, SP 800-series publications, and the broader NIST cybersecurity infrastructure operate alongside AI RMF. The cybersecurity frameworks address cybersecurity dimensions while AI RMF addresses broader AI risk dimensions.

State-level AI regulation including the Colorado AI Act, California AB 2013, NYC Local Law 144, and various state attorney general enforcement frameworks operate alongside AI RMF. State frameworks may reference AI RMF or use the framework as foundation for state-specific requirements.

The aggregate framework landscape produces operational complexity that operators navigate through deliberate integration. Mature implementation leverages AI RMF infrastructure across multiple compliance contexts rather than treating each framework as a separate burden.


Operator Implementation Patterns

Operators implementing AI RMF face several common patterns and considerations.

Existing risk management infrastructure provides foundation. Organizations with mature enterprise risk management, cybersecurity risk management, or operational risk management can leverage that infrastructure for AI risk management. The leverage produces more efficient implementation than building parallel infrastructure.

Scoping decisions shape implementation. The AI RMF can apply across all AI activities or to specific high-priority AI systems. Scoping affects implementation cost, audit complexity, and operational consequence. Mature operators make scoping decisions deliberately based on AI risk priorities.

Cross-functional engagement supports effective implementation. AI risk management spans engineering, operations, legal, compliance, and broader organizational functions. Mature implementation includes cross-functional governance that integrates relevant disciplines.

Documentation infrastructure supports framework requirements. AI RMF implementation produces substantial documentation including risk assessments, evaluation results, governance records, and ongoing monitoring records. The documentation supports both internal practice and external engagement.

Tooling for AI risk management has been developing. Specific AI risk management platforms, integration with broader GRC platforms, and emerging vendor solutions support operator implementation. The tooling continues to mature.

External engagement extends implementation effectiveness. Third-party assessment, AI Safety Institute engagement where applicable, customer engagement on AI RMF practice, and broader stakeholder communication all contribute to substantive implementation.

Ongoing development addresses the evolving framework. NIST continues to develop AI RMF supporting materials; operator implementation continues to mature alongside framework development. The discipline is an ongoing one rather than a one-time implementation.


Limitations and Criticism

The AI RMF has faced substantive criticism that warrants direct treatment.

The voluntary nature limits enforcement. Operators that choose not to engage the framework face no formal consequence from NIST. The framework's influence depends on adoption pressure from other sources rather than direct mandate.

The framework provides a foundation without prescribing specific practices. Critics argue this is too permissive because operators have substantial discretion in implementation. The criticism extends to whether the framework provides an adequate floor for AI risk management practice.

External validation infrastructure is limited. Unlike ISO/IEC 42001, which is certifiable, AI RMF implementation is not externally validated through standard certification processes. The absence of external validation produces operational variance across operators.

The framework does not address all AI considerations. Considerations including broader societal effects, distributional consequences, and the macro-scale dynamics that the flagship analytical pieces develop are not within the framework's specific scope.

The political dimension affects framework status. Federal AI policy changes affect the framework's status within US government operation; the substantive content continues to operate while the political context evolves. The political variance produces uncertainty about long-term framework trajectory.

The framework operates as a foundation rather than a complete approach. Organizations implementing AI RMF alone may produce nominal risk management practice without substantive impact. The framework supports substantive practice without guaranteeing it; operators that engage rigorously produce different outcomes than operators that engage minimally.

The criticism does not establish that AI RMF is inadequate; the framework is widely regarded as substantive infrastructure for AI risk management. The criticism establishes that the framework operates as a foundation that requires substantive operator engagement and supporting infrastructure to produce operational effectiveness.


What AI RMF Does Not Solve

The framework has real limits.

AI RMF does not establish that specific AI systems are safe. The framework addresses risk management practice rather than specific product safety. Organizations implementing the framework may still deploy AI products with substantive concerns; the framework establishes practice without guaranteeing outcomes.

AI RMF does not replace regulatory compliance. Organizations operating in EU markets still need EU AI Act compliance; organizations in regulated sectors still need sector-specific regulatory compliance. The framework supports compliance with regulatory requirements without substituting for them.

AI RMF does not replace technical standards. The framework operates at risk management level rather than specifying technical practices. Technical work continues to require sector-specific and technology-specific standards.

AI RMF certification does not exist in the standard ISO sense. The voluntary nature means there is no formal certification of AI RMF compliance comparable to ISO/IEC 42001 certification. The absence affects how operators can demonstrate AI RMF alignment to stakeholders.

AI RMF does not address all relevant AI dimensions. The framework focuses on risk management; broader considerations including ethics, broader societal effects, and contested policy questions are not within the framework's specific scope.

AI RMF is a moving framework. The framework will continue to develop through revisions, supporting material development, and policy context changes. Current implementations may need to adapt as the framework evolves.


The Reframe

The NIST AI Risk Management Framework is the US-side voluntary framework for AI risk management, organized around the four core functions of Govern, Map, Measure, and Manage. The framework was developed through a multi-stakeholder process under Congressional direction and has become operationally significant through federal adoption, procurement references, and substantial private sector engagement despite its voluntary nature. Supporting materials including the AI RMF Playbook, Profiles including the Generative AI Profile, Crosswalks, and the broader NIST AI publications extend the framework's operational utility. Federal adoption through OMB M-24-10, executive orders, federal procurement, and agency-specific adoption has produced substantial federal consequence. The NIST AI Safety Institute operates within NIST and conducts AI safety work that intersects with the broader framework. International influence operates through bilateral coordination, OECD work, G7 AI policy, industry adoption, and academic engagement. The relationship to other frameworks including the EU AI Act, ISO/IEC 42001, sector-specific frameworks, UL 4600, NIST cybersecurity frameworks, and state-level AI regulation produces operational complexity that organizations navigate through deliberate integration. Operator implementation patterns include leveraging existing risk management, scoping decisions, cross-functional engagement, documentation infrastructure, tooling development, external engagement, and ongoing development. Criticism addresses the voluntary nature limiting enforcement, foundation without prescription, limited external validation, scope limitations, the political dimension, and operation as a foundation rather than a complete approach. The framework has real limits: it does not establish product safety, does not replace regulatory compliance, does not replace technical standards, has no standard certification, does not address all AI dimensions, and is a moving framework.

The work of building adequate AI RMF implementation across the US AI ecosystem is one of the substantive risk management projects the agentic AI era requires, and the framework's continued development alongside the broader AI policy landscape continues to shape practice.


Related Coverage

Compliance & Conformity | ISO/IEC 42001 | EU AI Act Conformity Assessment | Standards Bodies