The NIST AI Risk Management Framework (AI RMF) is the United States’ flagship, globally influential framework for managing risks across the entire AI lifecycle. It is voluntary, non‑regulatory, and designed to help organisations build trustworthy, safe, secure, and responsible AI systems.

Below is a clear, structured breakdown based on the authoritative NIST sources retrieved.

What the NIST AI RMF Is

The NIST AI Risk Management Framework (AI RMF) is a comprehensive guide created by the U.S. National Institute of Standards and Technology to help organisations:

• Identify AI‑related risks

• Assess and prioritise them

• Implement controls

• Monitor and improve AI systems over time

It is voluntary, technology‑neutral, and sector‑agnostic, making it widely adopted across government, enterprise, and civil society.

Purpose of the AI RMF

The framework aims to improve the trustworthiness of AI systems by embedding principles such as:

• Transparency

• Fairness

• Accountability

• Robustness & Security

• Privacy Enhancement

• Reliability & Safety

Its goal is to help organisations innovate responsibly while managing risks to individuals, communities, and society.

How It Was Developed

NIST built the AI RMF through a multi‑year, consensus‑driven process involving:

• Public consultations

• Workshops

• Draft releases

• Collaboration with industry, academia, and government

The first full version, AI RMF 1.0, was released on 26 January 2023.

Core Structure of the AI RMF

The framework is organised into two major parts:

1. Foundational Concepts

These define what “trustworthy AI” means and outline key risk dimensions, including:

• Data quality

• Model robustness

• Human oversight

• System security

• Societal impact

2. The AI RMF Core (Four Functions)

The Core is the operational heart of the framework:

A. GOVERN

Establish organisational policies, roles, and accountability structures for AI risk.

B. MAP

Understand the context, intended use, and potential impacts of an AI system.

C. MEASURE

Assess, analyse, and quantify AI risks using metrics, testing, and evaluation.

D. MANAGE

Implement controls, monitor performance, and continuously improve risk posture.

These functions are iterative and apply across the entire AI lifecycle.

2024–2025 Updates: Generative AI Profiles

NIST has released specialised profiles to address emerging risks:

Generative AI Profile (NIST‑AI‑600‑1)

Released July 2024, this profile helps organisations identify and mitigate risks unique to generative AI systems (LLMs, image models, agents).

Agentic AI Profile (Draft)

Addresses governance gaps created by autonomous AI agents.

These profiles extend the AI RMF to modern AI architectures.

Supporting Resources

NIST provides a full ecosystem around the AI RMF:

• AI RMF Playbook

• AI RMF Roadmap

• AI RMF Crosswalks (mapping to ISO, EU AI Act, etc.)

• Trustworthy & Responsible AI Resource Center

These tools help organisations operationalise the framework.