The voluntary U.S. AI risk management framework
NIST AI Risk Management Framework, End to End
Everything you need to know about NIST AI RMF: what it covers, the four core functions, the seven characteristics of trustworthy AI, the Generative AI Profile, and how Modulos accelerates implementation.
What is the NIST AI RMF?
The NIST AI Risk Management Framework 1.0 is voluntary guidance from the U.S. National Institute of Standards and Technology, published in January 2023 as document NIST AI 100-1. It helps organisations design, develop, deploy, and use AI systems that are trustworthy.
AI RMF starts from two assumptions that separate it from older IT risk frameworks. First, AI risk is socio-technical: harms can flow from data, models, deployment context, and human oversight, not just code. Second, AI risk is continuous: systems drift, context changes, and new risks appear over the lifecycle.
It is voluntary. NIST does not certify organisations or products against the framework. Anyone selling “NIST AI RMF certification” is referring to private training certifications, not a NIST-issued attestation. What AI RMF gives you instead is a serious risk-management operating model that U.S. federal agencies, regulators, and enterprises increasingly use as the de facto reference for trustworthy AI.
For depth, read the Modulos NIST AI RMF implementation guide.
Voluntary U.S. Guidance
NIST AI 100-1, AI Risk Management Framework 1.0
Published: January 2023
Generative AI Profile (NIST AI 600-1) added July 2024
Document: AI 100-1
Profile: AI 600-1
Functions: 4
Trustworthy AI characteristics: 7
Authority: U.S. National Institute of Standards and Technology, U.S. Department of Commerce
Why NIST AI RMF matters now
Three forces are pushing AI RMF from voluntary reference to operational expectation.
Regulatory pull
The de facto U.S. reference for trustworthy AI
U.S. federal agencies, regulators, and several state AI laws reference NIST AI RMF as the basis for AI risk management practice. It is voluntary on paper, but in practice it is the framework you are expected to know if you sell into U.S. regulated buyers, federal procurement, or sectors where AI risk is on the agenda. Knowing AI RMF is now table stakes.
Operational pull
A serious risk-management operating model, not a checklist
AI RMF 1.0 expects ongoing socio-technical risk management across the AI lifecycle. The four core functions, when implemented properly, produce traceable risk identification, measurement, and treatment. That is what differentiates AI RMF from “AI ethics principles” documents that read well but produce no operational output. Vendors who reduce AI RMF to control bingo miss what the framework is for.
Compositional pull
It composes with regulation, including ISO 42001 and the EU AI Act
AI RMF does not conflict with the EU AI Act or ISO/IEC 42001: it complements them. Most mature programs use NIST AI RMF as the risk-management operating model inside an ISO 42001 AI management system, and use that combination to meet AI Act risk-management obligations. Layered, not alternative.
The four core functions: Govern, Map, Measure, Manage
AI RMF 1.0 organises AI risk management around four functions. Each function has categories and subcategories, detailed in the AI RMF Playbook. Govern is cross-cutting and sits above the other three.
Govern
Cross-cutting. Cultivates a culture of risk management. Govern establishes the policies, accountability, and oversight that make the other three functions repeatable. It is cross-cutting: it sits above Map, Measure, and Manage and is the only function that spans the entire organisation.
What this looks like in practice
- Policies, processes, and procedures for AI risk management
- Accountability structures: defined roles, responsibilities, and lines of communication
- Workforce competence, diversity, and oversight of human-AI configurations
- Risk culture, transparency, and engagement with relevant AI actors
- Third-party and supply-chain risk policies
Map
Establishes context and identifies risks for a specific AI system. Map captures intended use, stakeholders, lifecycle dimensions, and the trustworthiness characteristics applicable to the system. The output is a documented system context that the rest of the framework builds on.
What this looks like in practice
- Documented system context: purpose, intended use, deployment setting
- Categorisation of the AI system (classifier, generative model, recommender, etc.)
- Mapped risks and benefits across all components, including third-party data and software
- Impacts to individuals, groups, communities, and society identified and prioritised
Measure
Analyses and tracks identified risks using both quantitative and qualitative methods. Measure puts the metrics, evaluation processes, and monitoring infrastructure in place that turn the Map output into evidence the organisation can act on.
What this looks like in practice
- Approaches and metrics selected for the most significant AI risks
- AI systems evaluated for trustworthy AI characteristics (test sets, TEVV documentation: test, evaluation, verification, and validation)
- Mechanisms to track existing, unanticipated, and emergent risks over time
- Feedback on measurement efficacy gathered and integrated
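What a Measure-function check can look like once the metrics are chosen, as an added example that is not code from this page, from Modulos, or from NIST AI 100-1. It computes two of the metrics the text names, a selection-rate disparity ratio for harmful bias and a Population Stability Index (PSI) for input drift, over constructed data and emits pass/fail records that a Manage step can act on. The sample rows, bins and alert thresholds are assumptions for illustration; AI RMF itself is method-agnostic and prescribes none of them.

```python
"""Added example, not code from the Modulos page or from NIST AI 100-1.
Two Measure-function checks over constructed data: a selection-rate
disparity ratio for harmful bias and a Population Stability Index (PSI)
for input drift, emitted as pass/fail records a Manage step can act on.
Data, bins and thresholds are hypothetical."""
import math
from collections import Counter

# Constructed sample: (protected-attribute group, model decision 1/0).
DECISIONS = [
    ("A", 1), ("A", 1), ("A", 0), ("A", 1), ("A", 1), ("A", 0), ("A", 1), ("A", 1),
    ("B", 0), ("B", 1), ("B", 0), ("B", 0), ("B", 1), ("B", 0), ("B", 0), ("B", 0),
]

# Constructed feature samples: training-time reference vs. a production window.
BINS = [(0.0, 1.0), (1.0, 2.0), (2.0, 3.0), (3.0, 4.0)]   # [low, high)
REFERENCE = [0.5] * 5 + [1.5] * 5 + [2.5] * 5 + [3.5] * 5
PRODUCTION = [0.5] * 2 + [1.5] * 3 + [2.5] * 5 + [3.5] * 10

# Hypothetical alert thresholds. 0.8 is the "four-fifths" selection-rate rule
# of thumb; 0.25 is a common PSI alert level. Neither is prescribed by AI RMF,
# which is method-agnostic: the Measure function expects you to choose and
# justify them for your system.
DI_THRESHOLD = 0.8
PSI_THRESHOLD = 0.25


def selection_rates(rows):
    """Positive-outcome rate per group: {group: positives / total}."""
    totals, positives = Counter(), Counter()
    for group, decision in rows:
        totals[group] += 1
        positives[group] += decision
    return {g: positives[g] / totals[g] for g in totals}


def disparate_impact(rows):
    """Lowest group selection rate divided by the highest (1.0 means parity)."""
    rates = selection_rates(rows)
    return min(rates.values()) / max(rates.values())


def psi(reference, production, bins):
    """Population Stability Index: sum over bins of (p - r) * ln(p / r)."""
    def shares(sample):
        n = len(sample)
        counts = [sum(1 for v in sample if lo <= v < hi) for lo, hi in bins]
        # Floor empty bins so ln() stays finite; a real pipeline would also
        # alert on values that fall outside every bin.
        return [max(c / n, 1e-6) for c in counts]
    ref, prod = shares(reference), shares(production)
    return sum((p - r) * math.log(p / r) for r, p in zip(ref, prod))


def measure_report(rows, reference, production, bins):
    """One Measure record per metric; a False 'pass' is a trigger for Manage."""
    di = disparate_impact(rows)
    drift = psi(reference, production, bins)
    return {
        "selection_rate_ratio": {
            "value": round(di, 4), "threshold": DI_THRESHOLD, "pass": di >= DI_THRESHOLD,
        },
        "input_psi": {
            "value": round(drift, 4), "threshold": PSI_THRESHOLD, "pass": drift < PSI_THRESHOLD,
        },
    }


if __name__ == "__main__":
    for metric, record in measure_report(DECISIONS, REFERENCE, PRODUCTION, BINS).items():
        print(metric, record)
```

On the constructed data both checks fail: group B is selected at a third of group A's rate, and the production window has shifted toward the top bin (PSI about 0.36). The value of the records is not the numbers themselves but that they are dated, thresholded evidence the Manage function can treat, and that the thresholds are a documented decision rather than a library default.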
Manage
Allocates resources to treat risks, document residual risk, respond to incidents, and integrate findings back into Govern and Map. Manage closes the loop and keeps the framework operating as a continuous risk-management process rather than a one-time documentation exercise.
What this looks like in practice
- Risk treatment decisions: proceed, modify, defer, or terminate
- Strategies to maximise AI benefits and reduce negative impacts
- Third-party risk monitoring and risk-control application
- Post-deployment monitoring, incident response, and recovery plans
For category-by-category implementation guidance, read the Modulos docs or the official NIST AI RMF Playbook.
The seven characteristics of trustworthy AI
Per AI RMF 1.0 Section 3, trustworthy AI exhibits seven characteristics. They are not independent boxes to tick. They often trade off against one another, and managing those trade-offs is a core part of what risk management is for.
Valid and Reliable
Validity is confirmation, through objective evidence, that the AI system meets the requirements of its intended use; reliability is its ability to perform as required, without failure, over a given interval and under given conditions in its deployment context. Validity and reliability are foundations for the other characteristics.
Safe
AI systems should not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered. Safety is informed by transparency and managed through testing, monitoring, and incident response.
Secure and Resilient
AI systems are secure when they can withstand and recover from unexpected adverse events, including adversarial attacks, in confidentiality, integrity, and availability terms. Resilience is the system’s capacity to maintain operations under stress.
Accountable and Transparent
Trustworthy AI depends on accountability, which itself depends on transparency. Information about an AI system, its design, training data, intended use, and outputs should be available to those affected by it, at the right level of detail.
Explainable and Interpretable
Explainability is the representation of how an AI system arrived at an output. Interpretability is the meaning of that output in context. Together they support accountability and let users challenge decisions where appropriate.
Privacy-Enhanced
Privacy refers to norms and practices that safeguard human autonomy, identity, and dignity. AI systems should be designed and operated to protect personal data and the privacy expectations of the contexts in which they are deployed.
Fair, with Harmful Bias Managed
Fairness in AI includes equality, equity, and accessibility. NIST identifies three categories of bias: systemic, computational and statistical, and human-cognitive. Managing harmful bias is an active discipline, not a one-time check, and the framework expects organisations to identify and treat the biases relevant to their use case.
The framework expects organisations to identify which characteristics matter most for their AI systems, prioritise them, and be explicit about the trade-offs.
Cross-sectoral profile · Published July 2024
The Generative AI Profile (NIST AI 600-1)
A cross-sectoral profile that applies AI RMF to generative AI specifically. It maps the risks unique to or exacerbated by generative AI onto the four core functions and provides suggested actions for each.
The 12 GenAI risks the profile addresses
- CBRN information or capabilities
- Confabulation
- Dangerous, violent, or hateful content
- Data privacy
- Environmental impacts
- Harmful bias and homogenisation
- Human-AI configuration
- Information integrity
- Information security
- Intellectual property
- Obscene, degrading, or abusive content
- Value chain and component integration
How to use it
The Generative AI Profile does not replace AI RMF 1.0. It layers on top. For organisations governing generative AI, start with AI RMF 1.0 and add the Generative AI Profile to capture GenAI-specific risks and the suggested actions that address them.
Profiles are how AI RMF tailors to a sector or technology class. Sectoral profiles apply the whole framework to one industry. Cross-sectoral profiles, like AI 600-1, apply it to one technology class (here, generative AI) across all sectors.
Read the full document: NIST AI 600-1, Generative AI Profile (PDF, nist.gov).
Trusted by 200+ organizations
Modulos customers include aDigital, SCSK, ETH, PwC, Berner Fachhochschule, Mobile Health, Serai, CertX, JobCloud, Xayn, Beyond Gravity, Armasuisse.

How NIST AI RMF relates to other frameworks
Most organisations operate AI RMF alongside other standards rather than instead of them. Here is where AI RMF sits relative to the frameworks teams most often ask about.
| Standard | Domain | Relation to AI RMF |
|---|---|---|
| ISO/IEC 42001 | International AI management system | Layered |
| EU AI Act | Binding EU regulation | Different layer |
| NIST Cybersecurity RMF (SP 800-37) | U.S. federal information security | Disambiguation |
| ISO/IEC 27001 | International information security | Complementary |
AI RMF vs ISO/IEC 42001
Layered. AI RMF is voluntary U.S. guidance; ISO/IEC 42001 is a certifiable international management system standard. They are not alternatives. Most mature programs use NIST AI RMF as the risk-management operating model inside an ISO 42001 AI management system, which is the certifiable wrapper that makes the program auditable and durable.
AI RMF vs EU AI Act
Different layer. AI RMF is voluntary; the EU AI Act is binding regulation with legal obligations and penalties. Implementing AI RMF helps build the risk-management practices the Act expects of high-risk AI providers under Article 9, but it does not replace the Act's specific compliance and conformity-assessment requirements. Different levels of obligation, complementary in practice.
AI RMF vs NIST Cybersecurity RMF (SP 800-37)
Disambiguation. Different framework. The Cybersecurity RMF (NIST SP 800-37) governs information system security risk for federal information systems. The AI RMF (NIST AI 100-1) governs AI-specific risks: data quality, model behaviour, socio-technical harms that the Cybersecurity RMF does not address. The two are often confused because both are “NIST RMF.” Organisations operating both share governance processes where possible.
AI RMF vs ISO/IEC 27001
Complementary. ISO 27001 covers information security; AI RMF covers AI-specific risk dimensions including data quality, model behaviour, and socio-technical harms. Organisations operating ISO 27001 can re-use document control, internal audit, and management review processes when adopting AI RMF. The frameworks complement each other; neither replaces the other.
Comparing platforms? See how 20 AI governance platforms support NIST AI RMF in our 2026 enterprise buyer’s guide.
How to implement NIST AI RMF in practice
AI RMF is voluntary and method-agnostic. It does not prescribe a project plan. These are the five steps mature programs converge on, and the failure modes worth avoiding.
Define scope
What AI systems are in scope? What organisational unit? Without scope, the framework expands indefinitely and nothing gets done. A tight initial scope is the difference between a working program and a perpetual planning exercise.
Establish Govern first
Stand up the cross-cutting governance, including policies, accountability, and oversight roles, before drilling into individual AI systems. Govern is what makes Map, Measure, and Manage repeatable. Skipping it is the most common reason AI RMF programs stall after the pilot.
Run Map, Measure, and Manage on a pilot system
Don’t try to do everything at once. Pick one moderate-risk AI system. Work the loop end-to-end: Map the context and risks, Measure them with appropriate metrics, Manage with documented treatment decisions. Use the lessons to scale.
Build a profile
A profile (sectoral or cross-sectoral) tailors AI RMF to your context. If you operate generative AI, start with the Generative AI Profile (NIST AI 600-1). If you operate in a regulated industry, you may build a sectoral profile that aligns AI RMF to that sector’s expectations.
Operate it as a continuous loop, not a project
AI risk is continuous; the framework is continuous. Map, Measure, and Manage feed back into Govern. The most common failure mode is treating AI RMF as a documentation exercise. It is an operating model. Build it into how AI work happens, not next to it.
When the program needs to be auditable. Mature AI RMF programs eventually face the question: how do we prove this is being run? That is when the cross-link to ISO/IEC 42001 matters. AI RMF is the risk operating model; ISO 42001 is the certifiable management system that wraps it. See the ISO 42001 certification path.
How Modulos accelerates NIST AI RMF implementation
AI RMF is a serious risk-management operating model. Modulos automates the parts software is good at so the governance team can focus on decisions.
Multi-framework governance graph
NIST AI RMF subcategories map to ISO/IEC 42001 controls, EU AI Act articles, and other frameworks simultaneously. One control can satisfy requirements from multiple frameworks: collect evidence once, reuse across.
AI risk quantification in monetary terms
AI RMF requires risk identification and treatment but is method-agnostic. Modulos quantifies AI risk in monetary terms across the portfolio, the format boards and U.S. federal agencies increasingly expect.
AI agents that operationalise the framework
Scout drafts assessments and identifies gaps; the Evidence Agent collects evidence from connected sources; the Control Assessment Agent runs continuous validation. Records exist as a byproduct of the work, not as a separate documentation effort.
Continuous testing for the Measure function
Connect AI systems and data sources; schedule automated tests for bias, drift, and performance. The metrics that the Measure function expects, gathered continuously rather than at audit time.
Reports for boards and procurement
Generate structured reports, evidence packs, and audit trails that show the four functions are being run. The same outputs satisfy board reviews, federal procurement disclosures, and the audit-equivalent reviews mature AI RMF programs face.
For a function-by-function walkthrough of how Modulos operationalises NIST AI RMF, see the Modulos docs.
Why Modulos for NIST AI RMF
Modulos has been an active member of NIST's AI safety consortium since its founding, contributing to the standards work that shapes how AI risk is governed in the United States.

Active member of NIST's AI safety consortium
Modulos has been an active member of NIST's AI Safety Institute Consortium (AISIC), now the Center for AI Standards and Innovation (CAISI), since its founding in 2024. We participate in working groups, submit briefs and public comments, and contribute regularly to the consortium's work on AI safety standards.
Read about NIST's AI Safety Institute work →
FAQ about NIST AI RMF
The NIST AI Risk Management Framework 1.0 is voluntary guidance from the U.S. National Institute of Standards and Technology, published in January 2023 (NIST AI 100-1). It helps organisations identify, assess, and manage AI risks across the AI system lifecycle. It is organised around four core functions, Govern, Map, Measure, and Manage, and seven characteristics of trustworthy AI.
Further reading
Deeper dives from the Modulos team on NIST AI RMF, the global standards landscape, and how AI RMF fits inside an ISO/IEC 42001 management system.
NIST AI Risk Management Framework: the engineering spec for AI risk
The NIST AI RMF is voluntary, which is exactly why it spreads. Here is what it actually asks for, how it lines up with EU AI Act and ISO 42001, and how to implement it without the ceremony.
Read more →
Global standards for AI governance: EU AI Act, ISO 42001 and NIST compared
Colorado, Texas and Illinois all moved. The EU AI Act is live. ISO 42001 is certifiable. Build your stack on the strictest layer once and the rest is mapping, not rebuilding.
Read more →
ISO 42001 certification: what it actually takes
ISO 42001 certification, explained by the organisation that went through it first. Six stages, realistic timelines by organisation size, certification costs that nobody else publishes, and the auditor questions that actually separate a certifiable AI management system from a theatrical one. Written by Europe's first ISO/IEC 42001-certified AI governance platform vendor.
Read more →
Ready to operationalise NIST AI RMF?
Talk to the team behind the platform that holds the only ISO/IEC 42001 product conformity certificate (CertX 213-001/24) for an AI governance tool, and that contributes to the work of CAISI.
