I
Impetora
Regulation

NIST AI RMF

The NIST AI Risk Management Framework is a voluntary US framework for managing risks of AI systems across the lifecycle, organised around the functions Govern, Map, Measure, and Manage.

What is NIST AI RMF?

Published in January 2023, the NIST AI RMF is widely used by US enterprises and increasingly referenced internationally. It is technology-neutral and outcome-focused, emphasising trustworthy characteristics: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with bias managed. The 2024 Generative AI Profile adds specific guidance for foundation models.

How does NIST AI RMF apply to enterprise AI?

Enterprises subject to US sectoral regulators (FDA, FTC, OCC) often map their controls to the NIST AI RMF. The framework also pairs cleanly with ISO 42001 and the EU AI Act for a single multi-jurisdiction control set.

Related terms

Governance

AI Risk Management

AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle.
Regulation

ISO 42001

ISO/IEC 42001 is the international standard for AI management systems, specifying requirements for establishing, implementing, maintaining, and continually improving an AI governance programme.
Regulation

EU AI Act

The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors.

External references

Impetora

Need help applying NIST AI RMF to your enterprise? Submit a short brief and we reply within one business day.

Submit a projectBack to glossary
Discovery call

Book a discovery call

Tell us what you would like to build. We reply within one business day.

30-minute call. Free of charge. No obligation.