We value your privacy

We use necessary cookies to run the site and, with your consent, analytics and marketing cookies to improve it. You can change your choice anytime. Privacy Policy

  • Security
  • Pricing
Book a scoping call
  1. Help Center
  2. Compliance & frameworks
  3. NIST AI Risk Management Framework (AI RMF)
Browse categories
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
  • DIFC Regulation 10 — AI & autonomous systems
  • EU AI Act Article 26 — Deployer obligations
  • EU AI Act Article 4 — AI literacy
  • EU AI Act Article 5 — Prohibited practices
  • GDPR Article 32 — Security of processing
  • GDPR Article 5 — Principles of processing
  • GDPR Article 6 — Lawfulness of processing
  • Illinois HB 3773 — AI in employment
  • ISO/IEC 42001 — AI management system
  • Korea AI Basic Act — trustworthy AI obligations
  • NIST AI Risk Management Framework (AI RMF)
  • NYC Local Law 144 — Automated employment decision tools
Admin & security
Troubleshooting
FAQ
Getting started
Shield Control
Shield Web
Policies & presets
Compliance & frameworks
  • DIFC Regulation 10 — AI & autonomous systems
  • EU AI Act Article 26 — Deployer obligations
  • EU AI Act Article 4 — AI literacy
  • EU AI Act Article 5 — Prohibited practices
  • GDPR Article 32 — Security of processing
  • GDPR Article 5 — Principles of processing
  • GDPR Article 6 — Lawfulness of processing
  • Illinois HB 3773 — AI in employment
  • ISO/IEC 42001 — AI management system
  • Korea AI Basic Act — trustworthy AI obligations
  • NIST AI Risk Management Framework (AI RMF)
  • NYC Local Law 144 — Automated employment decision tools
Admin & security
Troubleshooting
FAQ

NIST AI Risk Management Framework (AI RMF)

Updated July 6, 2026·1 min readAll plans

Note: this explainer is informational and framework references are never a compliance guarantee — align your program with your legal counsel.

The NIST AI Risk Management Framework (AI RMF 1.0) was released by the U.S. National Institute of Standards and Technology on 26 January 2023. It is a voluntary, rights-preserving, sector-agnostic framework to help organisations manage the risks of AI and promote trustworthy, responsible use. Official resource: NIST — AI Risk Management Framework; framework text (PDF): NIST AI 100-1.

Who it applies to

The AI RMF is designed for any organisation that designs, develops, deploys, or uses AI systems. It is voluntary — there is no certification — but it is widely used as the shared vocabulary for AI risk, and it crosswalks to other frameworks including the EU AI Act and ISO/IEC 42001.

The four functions

The framework organises AI risk work into four functions:

  • Govern — establish organisational accountability, policies, and oversight for AI risk (a culture, not a one-off).
  • Map — establish the context and identify the risks of a specific AI system or use.
  • Measure — analyse and track those risks with qualitative and quantitative methods.
  • Manage — allocate resources to treat risks, document residual risk, and respond to incidents.

Govern, Map, and Manage all assume you can see and control how AI is actually used — which is where an operating layer helps.

How Shield maps to it

Shield supplies operational inputs to several functions:

  • Govern / Manage — enforceable policies and enforcement modes and role-based control turn oversight into applied rules.
  • Map — Discovery establishes the real context: which AI tools are in use, by whom.
  • Measure / Manage — the audit log tracks AI usage over time and gives an exportable record for incident response.

Applying the ISO 42001 / NIST bundle from the preset library turns these into framework-labelled policies in minutes.

Was this article helpful?

Related articles

Apply policy presets and bundles

Deploy compliance-ready policies from the preset library — EU AI Act, GDPR, DIFC, Korea AI Basic Act, US AI in Employment, and ISO 42001/NIST bundles.

Read article

ISO/IEC 42001 — AI management system

ISO/IEC 42001 is the world's first AI management system standard. What an AIMS requires, who it is for, and how Shield contributes operational controls toward it.

Read article

DIFC Regulation 10 — AI & autonomous systems

DIFC Regulation 10 governs personal data processed through autonomous and semi-autonomous systems. Who counts as Deployer and Operator, the core duties, and how Shield helps you meet them.

Read article

EU AI Act Article 26 — Deployer obligations

Article 26 defines your duties when deploying high-risk AI — applicable from December 2027 under the Digital Omnibus. What paragraphs (1), (5), and (6) require and how Shield prepares you now.

Read article

Still stuck?

Send us the details — we answer within one business day.

Contact support

On this page

  • Who it applies to
  • The four functions
  • How Shield maps to it

Subscribe to our newsletter

Product and governance updates — see our privacy policy.

AI security and control for every model your team uses.

Built in Dubai. Designed for teams operating across regions, models, and regulatory environments.

  • Product

    • Shield Web
    • Shield Control
    • Shield Desktop
    • Shield Mobile
    • Pricing
    • Download
  • Solutions

    • For CISOs
    • For Operations
    • For AI Teams
  • Use Cases

    • AI Governance
    • AI Agent Security
    • LLM Access Control
    • Secure AI Deployment
    • Enterprise Operations
    • Financial Services
  • Resources

    • Help Center
    • Blog
    • Guides
    • Glossary
    • Changelog
    • AI Risk Calculator
    • Compare
    • FAQ
  • Company

    • About
    • Careers
    • Security & Trust
    • Contact
  • Legal

    • Legal
    • Privacy
    • Terms
    • GDPR / DPA

© 2026 Qadar AI. All rights reserved. EU data residency available for Enterprise customers.