Artificial Intelligence Risk Management

NIST AI Risk Management Framework

The voluntary U.S. framework for managing risks in AI system design and deployment.

Knowledge Hub
4 Core Functions
GOVERN·MAP·MEASURE·MANAGE
January 2023
Published
Voluntary
U.S. framework
Playbook
Action guidance
Overview

The NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0), published in January 2023, provides voluntary guidance for organizations to manage risks associated with AI systems across their design, development, deployment, and operation lifecycles. Unlike a prescriptive standard, it is a flexible framework designed to be adapted to organizational context — making implementation documentation that articulates the organization's specific application of the framework particularly important.

The AI RMF has four core functions: GOVERN (establishing policies and accountability), MAP (identifying context and categorizing risks), MEASURE (analyzing and assessing AI risks), and MANAGE (prioritizing and treating risks). The AI RMF Playbook provides additional implementation guidance through categorized Actions for each function. The framework is increasingly referenced in federal agency AI policy and has influenced the EU AI Act's risk management requirements.

Standard Identity
NIST AI Risk Management Framework
Artificial Intelligence Risk Management
AI RMF
Key Requirements

What the standard
requires you to document.

GOVERN

AI risk governance policies, organizational accountability structures, risk tolerance documentation, and workforce competency records.

MAP

AI system context documentation, stakeholder impact analysis, risk categorization, and AI risk register.

MEASURE

AI risk analysis documentation, bias and fairness evaluation records, AI system performance monitoring documentation.

MANAGE

Risk treatment prioritization documentation, residual risk acceptance records, and incident response documentation.

Organizational Profile

Documentation of the organization's current and target AI risk management posture.

AI Lifecycle Integration

Documentation integrating AI RMF functions across design, development, deployment, and operation phases.

ELDR Documentation

Templates and resources
available from the Knowledge Hub.

NIST AI RMF Organizational Profile — current and target state documentation
AI Risk Register — identified AI risks, likelihood, impact, and treatment
GOVERN function documentation — AI governance policy suite and accountability records
MAP function documentation — AI system context analysis and stakeholder impact records
MEASURE function documentation — AI risk analysis, bias assessment, and performance records
MANAGE function documentation — risk treatment plans and incident response procedures
AI RMF Playbook implementation documentation for each Core Function
AI system Model Cards and system documentation aligned with AI RMF MAP function
Request Access

Templates and implementation resources for NIST AI Risk Management Framework are available through the ELDR Institute Knowledge Hub and via direct request.

Or: institute@eldrinc.com

Related Frameworks