Compliance & Regulatory
NIST AI Risk Management Framework (AI RMF)
A voluntary US framework providing structure for identifying, assessing, and managing AI-related risks.
The NIST AI Risk Management Framework (AI RMF 1.0), published in January 2023, provides organizations with a structured approach to managing AI risks. It's organized around four core functions:
- Govern: Establish policies, roles, and accountability structures for AI risk management
- Map: Understand the context, capabilities, and limitations of AI systems
- Measure: Assess AI risks using quantitative and qualitative methods
- Manage: Prioritize and act on identified risks based on impact and likelihood
While voluntary, the NIST AI RMF is increasingly referenced by US regulators (SEC, FDIC, OCC) and is becoming a de facto standard for demonstrating AI risk management maturity. It also provides a companion "Generative AI Profile" specifically addressing GenAI risks.
Why it matters
Even though it's voluntary, NIST AI RMF is the framework US regulators point to when they ask 'how do you manage AI risk?' Having a program that maps to NIST functions gives you a defensible answer.