NIST AI RMF (AI Risk Management Framework)
The NIST AI Risk Management Framework (AI RMF 1.0) is voluntary guidance for building trustworthy AI risk management. It is designed to work across industries and across the AI lifecycle.
Key facts
- Type: Voluntary framework
- Scope: Organization and system level
- Structure: Core functions and profiles
- Best for: Trustworthy AI programs
Authoritative resource (NIST)
How to use this guide
Use the NIST AI RMF in one of three ways:
- Program design: define roles, oversight, and decision criteria that scale across AI systems.
- System governance: scope a specific AI system, evaluate risk signals, and track mitigations.
- Risk communication: explain “why we trust this system enough to deploy” to internal and external stakeholders.
The four core functions (the core mental model)
NIST AI RMF centers on four functions:
- Govern: set accountability, policies, and oversight
- Map: understand the context and risks of the AI system
- Measure: evaluate and monitor risk signals and impacts
- Manage: prioritize and implement risk responses
Go deeper: Core functions and profiles.
Diagram: NIST AI RMF, continuous AI risk management
- Govern: accountability, policies, oversight
- Map: context, stakeholders, impacts
- Measure: testing and monitoring signals
- Manage: mitigations and residual risk
How Modulos operationalizes NIST AI RMF
Modulos turns a framework into execution work:
- map framework requirements into project requirements
- execute controls and link evidence as you go
- use testing and reviews to create continuous governance signals
Diagram:
- Frameworks: EU AI Act (Regulatory), ISO 42001 (Standard)
- Requirements: Art. 9.1 (Risk management), Art. 10.2 (Data governance), 6.1.1 (Risk assessment)
- Controls: Risk assessment process (Reusable), Data validation checks (Reusable)
- Components: Risk identification, Impact analysis
- Evidence: Risk register (Document), Test results (Artifact)

In this model:
- Requirements preserve the source structure
- Controls are reusable across frameworks
- Evidence attaches to components (sub-claims)
For risk measurement, Modulos supports monetary risk quantification so teams can prioritize treatment and investment.
Related: Risk portfolio overview.
Getting started
- Core functions and profiles: How NIST AI RMF becomes scoping work and a prioritized gap backlog
- Operationalizing in Modulos: A practical path to implement NIST AI RMF with projects and workflows
- Governance operating model: The requirements-controls-evidence-review loop in Modulos
- Testing: Turn evaluations into governance signals and evidence
Disclaimer
This page is for general informational purposes and does not constitute legal advice.