Governance

NIST AI RMF

The NIST AI Risk Management Framework (AI RMF) is the US voluntary framework for managing AI risk, organized around four core functions: Govern (policies and culture), Map (context and risk identification), Measure (analysis and assessment), and Manage (prioritization and treatment). It is the dominant enterprise AI governance reference in North America.

The AI RMF is vendor- and technology-neutral and integrates with existing enterprise risk management programs. Federal contractors and organizations seeking AI compliance in regulated sectors increasingly use AI RMF alignment as the baseline for internal governance programs, ahead of mandatory US AI legislation.

Related terms

  • AI Governance: AI governance is the system of policies, controls, and accountabilities that determines what AI is allowed to do inside an organization, who approves AI deployments, how AI decisions are audited, and how risk is managed.
  • EU AI Act: The EU AI Act is the world's first comprehensive legal framework for artificial intelligence, adopted in 2024 and phased in through 2027.
  • Responsible AI: Responsible AI is an umbrella term for the operational practices that make AI deployments safe, fair, transparent, accountable, and aligned with human values — covering ethics, governance, security, privacy, and reliability across the full lifecycle.
