The voluntary U.S. framework for managing risks in AI system design and deployment.
The NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0), published in January 2023, provides voluntary guidance for organizations to manage risks associated with AI systems across their design, development, deployment, and operation lifecycles. Unlike a prescriptive standard, it is a flexible framework designed to be adapted to organizational context — making implementation documentation that articulates the organization's specific application of the framework particularly important.
The AI RMF has four core functions: GOVERN (establishing policies and accountability), MAP (identifying context and categorizing risks), MEASURE (analyzing and assessing AI risks), and MANAGE (prioritizing and treating risks). The AI RMF Playbook provides additional implementation guidance through categorized Actions for each function. The framework is increasingly referenced in federal agency AI policy and has influenced the EU AI Act's risk management requirements.
AI risk governance policies, organizational accountability structures, risk tolerance documentation, and workforce competency records.
AI system context documentation, stakeholder impact analysis, risk categorization, and AI risk register.
AI risk analysis documentation, bias and fairness evaluation records, AI system performance monitoring documentation.
Risk treatment prioritization documentation, residual risk acceptance records, and incident response documentation.
Documentation of the organization's current and target AI risk management posture.
Documentation integrating AI RMF functions across design, development, deployment, and operation phases.
Templates and implementation resources for NIST AI Risk Management Framework are available through the ELDR Institute Knowledge Hub and via direct request.