Impetora
Regulation

NIST AI RMF

The NIST AI Risk Management Framework is a voluntary US framework for managing risks of AI systems across the lifecycle, organised around the functions Govern, Map, Measure, and Manage.

What is NIST AI RMF?

Published in January 2023, the NIST AI RMF is widely used by US enterprises and increasingly referenced internationally. It is technology-neutral and outcome-focused, emphasising trustworthy characteristics: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with bias managed. The 2024 Generative AI Profile adds specific guidance for foundation models.

How does NIST AI RMF apply to enterprise AI?

Enterprises subject to US sectoral regulators (FDA, FTC, OCC) often map their controls to the NIST AI RMF. The framework also pairs cleanly with ISO 42001 and the EU AI Act for a single multi-jurisdiction control set.

Related terms

  • AI Risk Management - AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle.
  • ISO 42001 - ISO/IEC 42001 is the international standard for AI management systems, specifying requirements for establishing, implementing, maintaining, and continually improving an AI governance programme.
  • EU AI Act - The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors.
  • AI Audit Trail - An AI audit trail is the persistent, tamper-evident record of every input, output, tool call, model version, and decision an AI system has made, sufficient to reconstruct any past interaction.
