Defined term
NIST AI RMF
U.S. NIST's voluntary framework for managing risks in AI systems across the lifecycle.
The NIST AI Risk Management Framework provides a structured approach to identify, measure, manage, and govern AI risks. It defines four functions: Govern, Map, Measure, Manage. We reference NIST AI RMF when scoping risk-compliance engagements, particularly for regulated industries.
When it matters
When you operate in a US-regulated industry (financial services, healthcare, federal contracts) or need a defensible AI governance framework for board review. Voluntary, but rapidly becoming de facto for procurement.
Real example
A bank-side AI workflow mapped to NIST AI RMF: Govern (named owner, policy doc), Map (use case context, stakeholder impact), Measure (test set accuracy, fairness metrics, drift), Manage (incident response, deprecation plan). Documented in 18 pages, signed by Head of Risk.
KPIs to watch
RMF function coverage (4/4 required), quarterly review completion rate (100%), incident response SLA (<24h for high-severity).
Reference: NIST AI RMF
Related terms
Grounding
Anchoring model output to verifiable source material to reduce hallucination.
Hallucination
Plausible but factually incorrect output generated by an LLM with no grounding.
Guardrails
Pre- and post-checks that filter unsafe, off-topic, or non-compliant model outputs.
Prompt injection
An attack where user input manipulates the model into ignoring its system prompt or executing unintended actions.