Voluntary

NIST AI Risk Management Framework

United States (globally influential)

Summary

The NIST AI Risk Management Framework (AI RMF) is a voluntary framework designed to better manage risks to individuals, organizations, and society associated with artificial intelligence. The framework is intended to be used by organizations developing, deploying, or using AI systems to help manage the many risks of AI technologies. While voluntary for private organizations, it is increasingly referenced in US government policies and may become a de facto standard for AI governance in the US.

Key Obligations

  • Map: Identify, analyze, and document context, capabilities, and potential impacts of the AI system
  • Measure: Assess AI risks and impacts through qualitative and quantitative tools and methodologies
  • Manage: Allocate resources to address and reduce AI risks based on the organization's risk tolerance
  • Govern: Cultivate a culture of risk management through policies, processes, and procedures
  • Document AI system characteristics, capabilities, limitations, and potential impacts
  • Implement risk management processes throughout the AI system lifecycle
  • Establish clear roles and responsibilities for AI risk management
  • Regularly test, evaluate, and update AI systems and risk controls

Enforcement

Regulator

No direct enforcement authority as it is a voluntary framework. However, Executive Order 14110 requires federal agencies to follow NIST guidance for AI systems.

Penalties

No direct penalties for non-compliance as it is voluntary. However, failure to implement may impact government contracts or increase liability risk.

Audit Mechanism

Self-assessment and third-party assessment options are available. No mandatory audit requirements.

Applicable To

  • Federal agencies (encouraged)
  • Private organizations (voluntary)
  • AI system developers and deployers
  • Organizations seeking to demonstrate responsible AI practices
  • Organizations subject to Executive Order 14110

AI-GPM Coverage

Our platform provides comprehensive support for implementing the NIST AI RMF, including automated mapping of AI systems, risk assessment tools, governance documentation, and continuous monitoring capabilities. We help you implement all four functions of the framework (Map, Measure, Manage, Govern) with pre-built templates and workflows.

NIST AI RMF Core Functions

1. MAP

Identify, analyze, and document context, capabilities, and potential impacts

  • Context awareness
  • System design
  • Risk identification

2. MEASURE

Assess AI risks and impacts through qualitative and quantitative tools

  • Risk assessment
  • Testing and evaluation
  • Impact assessment

3. MANAGE

Allocate resources to address and reduce AI risks based on risk tolerance

  • Risk prioritization
  • Risk response
  • Risk communication

4. GOVERN

Cultivate a culture of risk management through policies and procedures

  • Policies and procedures
  • Roles and responsibilities
  • Training and awareness
