NIST AI Risk Management Framework (AI RMF)
A voluntary framework published by the U.S. National Institute of Standards and Technology that provides structured guidance for managing AI risks through four core functions: Govern, Map, Measure, and Manage. It's designed to be flexible, sector-agnostic, and compatible with other risk management frameworks.
Why It Matters
The NIST AI RMF is the most widely adopted AI risk framework in the U.S. and is increasingly used globally. Its practical, function-based structure gives organizations a concrete starting point for AI risk management without requiring certification.
Example
A mid-size insurance company adopts the NIST AI RMF to structure its AI governance program, using GOVERN to set policies, MAP to inventory AI systems and identify risks, MEASURE to establish fairness metrics, and MANAGE to define incident response procedures.
Think of it like...
The NIST AI RMF is like a GPS for AI risk management — it doesn't drive the car for you, but it provides the map, the route options, and the turn-by-turn guidance to reach your destination.
Related Terms
GOVERN (NIST AI RMF)
The cross-cutting function of the NIST AI RMF focused on establishing and maintaining the organizational policies, processes, procedures, and practices needed for AI risk management. Unlike Map, Measure, and Manage — which apply to individual AI systems — GOVERN applies across the entire organization.
MAP (NIST AI RMF)
The NIST AI RMF function focused on establishing context, identifying risks, and understanding an AI system's purpose, stakeholders, and potential impacts. MAP activities include defining the use case, identifying affected populations, assessing benefits and costs, and cataloguing risks before development begins.
MEASURE (NIST AI RMF)
The NIST AI RMF function focused on quantifying, assessing, and tracking identified AI risks using metrics, tests, and evaluation methods. MEASURE activities include bias testing, performance benchmarking, explainability assessment, and security evaluation across the AI lifecycle.
MANAGE (NIST AI RMF)
The NIST AI RMF function focused on allocating resources, prioritizing actions, and responding to AI risks based on insights from the Map and Measure functions. MANAGE activities include risk prioritization, mitigation implementation, incident response, continuous monitoring, and decommissioning decisions.