NIST AI Risk Management Framework

The NIST AI Risk Management Framework provides voluntary guidance for managing AI-related risks across organizations. Organized around four core functions: GOVERN, MAP, MEASURE, and MANAGE. Widely adopted as best practice guidance.

• GOVERN: Establish AI risk governance policies and processes
• MAP: Categorize AI systems and identify relevant risks
• MEASURE: Analyze, assess, benchmark, and monitor AI risks
• MANAGE: Prioritize and address AI risks based on measurement
• Document AI system design, development, and deployment
• Establish accountability across the AI lifecycle
• Consider bias, fairness, explainability, and privacy
• Implement continuous monitoring practices

1. 1Start with GOVERN tier: identify stakeholders and establish an AI risk committee
2. 2Complete an AI inventory using MAP guidance
3. 3Select appropriate metrics from the AI RMF Playbook
4. 4Align with existing risk management programs
5. 5Cross-reference with NIST Cybersecurity Framework