NIST AI Risk Management Framework (AI RMF 1.0)
The voluntary US framework for trustworthy AI
The NIST AI Risk Management Framework is a voluntary, widely adopted guide for building trustworthy AI. It organizes AI risk work around four functions (Govern, Map, Measure, and Manage) and defines the characteristics of trustworthy AI (valid, safe, secure, accountable, explainable, privacy-enhanced, fair). It is the de facto baseline referenced in US procurement and by many enterprises worldwide.
Who must comply with NIST AI RMF?
The framework is voluntary for all organizations, but US government buyers and enterprise customers commonly expect it as a baseline for responsible AI. It is a good fit for any team that wants a practical, function-based way to manage AI risk.
Key obligations under NIST AI RMF
Govern
Build an AI governance culture — policies, accountability, roles, and risk tolerance across the organization.
Map
Establish the context and intended use of each AI system, and identify its risks and impacts.
Measure
Analyze, benchmark, and test AI risks with quantitative and qualitative metrics.
Manage
Prioritize and respond to risks — allocate resources, treat, monitor, and document.
Trustworthiness characteristics
Address validity, safety, security, accountability, explainability, privacy, and fairness for each system.
Profiles & documentation
Use AI RMF profiles to document your current and target risk posture per use case.
Penalties & enforcement
The framework carries no penalties, but it is the trust baseline many US buyers and partners require before they will contract.