NIST AI Risk Management Framework
The NIST AI Risk Management Framework (AI RMF) is a voluntary framework for managing AI risks and building trustworthy AI. Learn its four core functions and how to apply it.
Why the AI RMF exists
AI systems introduce risks that traditional software risk management does not fully address: models can behave unpredictably, degrade over time, encode harmful bias, expose private data, or be manipulated through their inputs. These risks span the full lifecycle — from data collection and design through deployment and ongoing operation — and they affect not only the deploying organization but also individuals and society.
NIST developed the AI RMF in response to a Congressional directive, through an open, multi-stakeholder process. The goal was a practical, flexible resource that helps organizations identify and manage AI risks while improving their ability to build systems that are worthy of trust. Because it is voluntary and technology-neutral, it is designed to be used alongside — not in place of — existing risk, security, and privacy programs.
The four core functions
The heart of the framework is the AI RMF Core: four functions that organize the activities of managing AI risk. They are not strictly sequential: GOVERN is cross-cutting and informs the other three, which are applied iteratively throughout the AI lifecycle. Each function is broken down into categories and subcategories that describe specific outcomes to work toward rather than prescribed controls.
| Function | Role | What it covers |
|---|---|---|
| GOVERN | Cross-cutting culture and accountability | Establishes the policies, processes, roles, and accountability structures for managing AI risk across the organization. Cultivates a risk-aware culture and connects technical work to organizational values, legal obligations, and oversight. Informs and is present throughout the other three functions. |
| MAP | Context and risk identification | Frames the context in which an AI system operates and identifies the risks tied to that context — intended purpose, stakeholders, capabilities, limitations, and potential impacts. Establishes the understanding needed to decide whether to proceed and what to measure. |
| MEASURE | Assessment, analysis, and tracking | Uses quantitative, qualitative, and mixed methods to analyze, assess, benchmark, and monitor the risks identified in MAP. Evaluates AI systems against the characteristics of trustworthy AI and tracks metrics over time. |
| MANAGE | Prioritizing and acting on risk | Allocates resources to the risks that have been mapped and measured, prioritizing them based on impact. Implements responses — mitigation, monitoring, or acceptance — and plans for recovery, incident response, and continuous improvement. |
GOVERN as the foundation
GOVERN is treated separately because it underpins everything else. Without clear ownership, documented policies, and accountability, the work done in MAP, MEASURE, and MANAGE has no durable home. GOVERN is where an organization decides its risk tolerance, defines who is responsible for AI outcomes, and ensures that legal, ethical, and compliance considerations are built into the lifecycle rather than bolted on afterward.
The iterative loop
In practice, organizations cycle through MAP, MEASURE, and MANAGE continuously. New context emerges, measurements reveal previously unseen risks, and management responses change the system — which in turn requires remapping. The framework is explicitly designed to be revisited as systems and their environments evolve, not completed once.
The characteristics of trustworthy AI
The AI RMF defines risk management in service of a goal: trustworthy AI. It describes seven characteristics that trustworthy AI systems should exhibit. The framework notes that these characteristics can involve trade-offs, and that balancing them is a context-specific judgment rather than a fixed formula.
- Valid and reliable — the system performs as intended, accurately and consistently, under expected conditions. NIST treats this as a necessary condition for trustworthiness: a system that is not valid and reliable cannot be trustworthy, whatever its other qualities.
- Safe — the system does not, under defined conditions, lead to states that endanger human life, health, property, or the environment.
- Secure and resilient — the system can withstand adversarial attacks, unexpected inputs, and changes in its environment, and can recover or degrade gracefully.
- Accountable and transparent — information about the system is available to the people who need it, and clear lines of responsibility exist for its outcomes.
- Explainable and interpretable — the mechanisms behind a system's output and the meaning of that output in context can be understood by relevant stakeholders.
- Privacy-enhanced — the system safeguards human autonomy, identity, and dignity, applying practices that protect personal data and limit intrusion.
- Fair, with harmful bias managed — the system addresses concerns about equality and equity, and identifies and mitigates harmful bias across systemic, computational, and human dimensions.
No single characteristic is sufficient on its own, and pursuing one can constrain another — for example, increasing interpretability may affect performance, or maximizing accuracy may raise privacy concerns. The framework asks organizations to make these trade-offs deliberately and to document the reasoning.
Supporting resources and profiles
The AI RMF is accompanied by a companion Playbook, a practical resource that suggests concrete actions, references, and documentation for achieving the outcomes described in each function, category, and subcategory. The Playbook is advisory: organizations select the suggestions relevant to their context rather than implementing all of them.
NIST also publishes profiles — use-case or sector-specific implementations of the framework. Most notably, the Generative AI Profile (released in July 2024 as NIST AI 600-1) was developed in response to an Executive Order and identifies risks that are unique to or amplified by generative AI, along with actions, drawn from the Core, that organizations can take to manage them. Profiles let organizations tailor the general framework to a specific class of system without starting from scratch.
How the AI RMF relates to other frameworks
The AI RMF is intentionally compatible with existing governance and security efforts. Organizations already using risk frameworks such as the NIST Cybersecurity Framework or ISO management-system standards can map AI RMF outcomes onto those programs rather than running a parallel process. Because it focuses on outcomes rather than prescriptive controls, it also complements emerging AI regulation — including the EU AI Act — by giving teams a vocabulary and structure for the risk-management practices that such regulation increasingly expects.