The NIST AI Risk Management Framework (AI RMF 1.0), published in January 2023, provides a voluntary framework for managing risks associated with AI systems throughout their lifecycle. Unlike prescriptive regulations, the AI RMF offers flexible guidance that organizations can adapt to their specific context, risk tolerance, and AI maturity level. This guide covers practical implementation of the framework’s four core functions.

Framework Structure

The AI RMF is organized around four core functions: Govern, Map, Measure, and Manage. These functions are not sequential – they operate concurrently and inform each other continuously. The Govern function is foundational and applies across all stages of the AI lifecycle.

Govern: Establish the Foundation

The Govern function establishes the organizational structures, policies, and culture needed for effective AI risk management. It is the most important function because without governance infrastructure, the other three functions have no organizational support.

Define AI risk management policies - Document your organization’s approach to AI risk, including risk appetite, roles and responsibilities, escalation procedures, and decision-making authority. Policies should cover the full AI lifecycle from conception through deployment and decommissioning.

Assign accountability - Designate individuals or teams responsible for AI risk management at each level: system level (individual AI systems), portfolio level (across all AI systems), and organizational level (overall governance). Ensure risk management responsibility is not solely assigned to technical teams; business and legal stakeholders must participate.

Establish review processes - Create procedures for reviewing AI systems before deployment, during operation, and when significant changes occur. Define what triggers a review: new AI system development, model retraining, changes in operating context, or adverse events.

Build organizational culture - Foster an environment where raising AI risk concerns is encouraged, not penalized. Provide AI risk literacy training to all staff involved in AI development and deployment. Share lessons learned from AI incidents across the organization.

Map: Understand Context and Risk

The Map function identifies the context in which AI systems operate and the risks they may pose. It ensures that risks are understood before they are measured or managed.

Identify stakeholders - For each AI system, determine who is affected by its outputs: direct users, subjects of AI decisions, operators, and third parties. Understand their needs, expectations, and potential harms.

Characterize the AI system - Document the system’s purpose, capabilities, limitations, data dependencies, and deployment context. Identify the types of decisions the system makes or influences and their potential consequences.

Identify risks - Catalog potential risks across dimensions: accuracy and reliability risks, fairness and bias risks, privacy risks, security risks, transparency risks, and accountability risks. Consider both individual harms (a person denied credit) and systemic harms (market distortion from widespread use).

Assess impact - Evaluate the severity and likelihood of identified risks. Consider who bears the risk and whether affected parties have recourse. High-impact, hard-to-reverse decisions require more rigorous risk management.

Measure: Quantify and Track

The Measure function establishes metrics and methods for assessing AI risks and tracking them over time.

Define metrics - For each identified risk, define quantitative or qualitative metrics that indicate risk level. Performance metrics (accuracy, error rates), fairness metrics (demographic parity, equalized odds), robustness metrics (performance under perturbation), and operational metrics (drift magnitude, incident frequency).

Establish baselines - Measure current risk levels to create baselines against which changes are detected. Baselines should reflect acceptable performance established during the Govern function.

Implement monitoring - Deploy continuous monitoring for key risk metrics in production. Set alert thresholds that trigger investigation or automated response when metrics exceed acceptable bounds.

Conduct evaluations - Perform periodic structured evaluations including red teaming, bias audits, robustness testing, and impact assessments. Evaluations complement continuous monitoring by testing scenarios that may not occur naturally in production data.

Manage: Respond and Mitigate

The Manage function implements responses to identified and measured risks.

Prioritize risks - Not all risks require immediate action. Prioritize based on severity, likelihood, and organizational risk appetite. Focus resources on the highest-priority risks first.

Implement mitigations - Apply technical mitigations (guardrails, human-in-the-loop, monitoring), operational mitigations (usage restrictions, user training, incident procedures), and governance mitigations (review requirements, approval gates, documentation).

Plan for incidents - Establish AI incident response procedures that define how AI-related failures are detected, escalated, investigated, mitigated, and communicated. Test these procedures through tabletop exercises.

Review and adapt - Risk management is continuous. Review the effectiveness of mitigations, update risk assessments based on new information, and adapt the risk management approach as AI systems and their operating context evolve. Feed lessons from the Manage function back into the Govern, Map, and Measure functions.

Getting Started

Start with your highest-risk AI systems. Apply the full framework to two or three systems first, learn from the experience, and then extend to the broader portfolio. Use the NIST AI RMF Playbook (companion resource) for detailed subcategory guidance and suggested actions.