Governance framework · 1.0 · 2023-01-26; revision underway

NIST AI Risk Management Framework

Maintained by NIST

What it helps you do

Use NIST AI RMF when you need govern, Map, Measure, and Manage functions for addressing AI risks across organizations and system lifecycles.

  • AI / ML
  • Cross-cutting
PlanAcquireHarmonizeExchangeLearn + reuse

01

Where it fits—and where it doesn’t

Use these four checks before committing implementation time.

Use it when
Governance overlay for intended use, accountability, risk measurement, release decisions, and ongoing monitoring.
Do not use it as
Do not treat NIST AI RMF as a complete solution on its own. Voluntary and use-case agnostic; it does not prescribe life-science schemas, legal compliance, or quantitative acceptance thresholds.
Best for
Teams working with AI / ML and Cross-cutting data across Plan → Harmonize → Learn + reuse.
Maturity
EstablishedEstablished enough for serious use; still pin the exact release and any implementation profile.

02

See it in the workflow

A standard creates value by changing a handoff, not by existing in a catalog.

  1. InputWhat starts

    AI / ML and Cross-cutting data, metadata, and the local decisions around them

  2. NIST AI RMFWhat changes

    NIST AI RMF applies a shared governance framework across Plan → Harmonize → Learn + reuse

  3. OutputWhat becomes possible

    A more consistent, reviewable handoff for the next system or team

Readiness gateBefore scaling: Voluntary and use-case agnostic; it does not prescribe life-science schemas, legal compliance, or quantitative acceptance thresholds.

03

A concrete example

A data owner maps intended use and affected populations, defines quality and harm metrics, records approvals, and manages release and monitoring actions.

Why it matters: Provides the governance structure for deciding readiness, not a machine-readable certificate that a dataset is ready.

04

What it fits with

Sits above technical data standards; DQV, Croissant, provenance, policy vocabularies, and domain tests can supply evidence to its processes.

05

Implementation starter

Start with one bounded handoff. Pin, test, and review it before scaling.

  1. Name an accountable owner and the decision NIST AI RMF must support.

  2. Pin the exact version and companion artifacts: 1.0 · 2023-01-26; revision underway.

  3. Map one representative input to the required governance framework artifacts.

  4. Test the result against the canonical source and record every exception.

  5. Preserve the source data, mappings, and review evidence before scaling.

06

Limitation to test first—and the tests that catch it

Risk

Voluntary and use-case agnostic; it does not prescribe life-science schemas, legal compliance, or quantitative acceptance thresholds.

Test

Run one representative end-to-end pilot and record exactly where NIST AI RMF loses context, needs an extension, or depends on another standard.

Risk

A structured or machine-readable result can still be unfit for analysis or AI.

Test

Test the output for missing context, provenance, terminology alignment, time leakage, and the intended downstream decision. Provides the governance structure for deciding readiness, not a machine-readable certificate that a dataset is ready.

07

Why we believe this

Checked against the canonical source plus independent operational evidence from an adopter, regulator, or implementation report.

Evidence notation: E1 + E2. The code is shorthand; the plain-language statement above is the claim.

Formal status
Published voluntary framework; revision underway
Confidence
High
Review state
Source-checked · watch
Reviewed by
AI governance reviewer
Last verified
13 July 2026
Review again when
NIST revision or sector-profile release
How the evidence method works

08

Source shelf

Official diagrams, examples, specifications, and explainers. Nothing external loads until you choose to open it.

  • Primary source1.0 · 2023-01-26; revision underway

    NIST AI RMF 1.0

    The canonical publisher or steward source used to verify this governance framework profile.

    Publisher
    NIST
    Rights
    Rights remain with the publisher; this knowledge base links to the source rather than copying it.
    Access
    Opens the publisher's source in a new tab; no external media loads on this page.
    Verified
    2026-07-13
    Open at source

Next action

Put this profile in context

Compare its role with adjacent standards or place it inside an end-to-end data pathway before choosing an implementation.