NIST AI Risk Management Framework (AI RMF 1.0)

United States (voluntary, but increasingly referenced by regulators)Published January 2023. Widely adopted as the US baseline for AI risk management.

The NIST AI Risk Management Framework is a voluntary, non-regulatory framework designed to help organizations manage risks associated with AI throughout its lifecycle. It is structured around four core functions: Govern, Map, Measure, and Manage. While voluntary, it is rapidly becoming the de facto standard referenced by US regulators and is likely to be the benchmark for the upcoming federal AI legislation.

Who It Applies To

Any organization developing, deploying, or using AI systems. Especially relevant for US federal contractors, regulated industries (financial services, healthcare, critical infrastructure), and companies seeking to demonstrate AI governance maturity.

Key Dates & Deadlines

January 26, 2023NIST AI RMF 1.0 published

October 30, 2023Executive Order 14110 references NIST AI RMF for federal AI governance

March 20, 2026White House AI framework calls for NIST AI RMF as the national standard

Key Requirements

GOVERN: Establish AI governance structures, policies, and organizational accountability
MAP: Contextualize AI risks by understanding system design, deployment context, and stakeholders
MEASURE: Quantify AI risks using appropriate metrics, testing, and monitoring
MANAGE: Prioritize and respond to identified AI risks with mitigation strategies
Trustworthiness characteristics: valid, reliable, safe, secure, fair, transparent, accountable, privacy-enhanced
Lifecycle-stage risk management from design through deployment and retirement
Third-party AI risk assessment for vendors and supply chain

Penalties & Enforcement

None directly (voluntary framework). However, failure to adopt recognized risk management practices like NIST AI RMF may increase liability exposure. The framework is increasingly referenced in regulatory guidance and procurement requirements.

Quick Compliance Checklist

Get started with these essential steps. For a full automated assessment, start your free trial.

1Map all AI systems to NIST AI RMF functions
2Establish AI governance committee or accountability structure
3Define organizational risk tolerance for AI systems
4Conduct risk assessments across all four functions
5Implement measurement metrics for trustworthiness characteristics
6Create AI incident response and escalation procedures
7Document third-party AI vendor risk assessments
8Schedule periodic framework maturity assessments

Recent NIST AI RMF Changes

View all

highJan 26, 2023

NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)

highMar 14, 2026

NIST AI 600-1: Generative AI Risk Profile Published

Check Your NIST AI RMF Compliance

Register your AI systems and get automated risk classification, gap analysis, and audit-ready documentation for NIST AI RMF.

Start Free Trial