3.2 The NIST AI Risk Management Framework
Key Takeaways
- NIST AI RMF 1.0 was released on 26 January 2023 as a voluntary, rights-preserving, sector- and use-case-agnostic framework directed by the National AI Initiative Act of 2020.
- The RMF describes seven characteristics of trustworthy AI: valid and reliable (foundational), safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed.
- The RMF Core has four functions—GOVERN, MAP, MEASURE, and MANAGE—each broken into categories and subcategories, with GOVERN cutting across the other three.
- GOVERN cultivates a risk-management culture; MAP frames context and risk; MEASURE analyzes and tracks risk; MANAGE prioritizes and acts on risk over the lifecycle.
- NIST published the Generative AI Profile (NIST AI 600-1) in July 2024, a cross-sectoral companion identifying twelve GAI-specific risks and suggested actions mapped to the four functions.
Purpose and Nature
The NIST AI Risk Management Framework (AI RMF 1.0) was released by the U.S. National Institute of Standards and Technology on 26 January 2023, as directed by the National AI Initiative Act of 2020. Three adjectives capture its character and appear repeatedly on the exam: it is voluntary (no legal mandate or penalties), rights-preserving (designed to protect civil rights and civil liberties, not just business risk), and sector- and use-case-agnostic (adaptable to any organization, size, or domain). Unlike the EU AI Act, the RMF does not classify systems into fixed risk tiers or prohibit any use; it is a flexible resource for managing risk throughout the AI lifecycle.
The document is organized in two parts. Part 1 frames AI risk—what makes AI risk distinct, how to think about harms to people, organizations and ecosystems, and how to balance risk against benefit. It also defines the audience of AI actors. Part 2 contains the Core (the four functions) and the concept of profiles, which tailor the Core to a specific context or sector. A companion AI RMF Playbook offers concrete suggested actions.
Characteristics of Trustworthy AI
Before the functions, NIST defines seven characteristics of trustworthy AI. These are the qualities the functions help you achieve:
- Valid and reliable — the foundational characteristic; without validity the others are moot.
- Safe — does not endanger human life, health, property, or environment.
- Secure and resilient — withstands adversarial attack and recovers gracefully.
- Accountable and transparent — information is available and responsibility is assignable.
- Explainable and interpretable — mechanisms and meaning of outputs can be understood.
- Privacy-enhanced — safeguards anonymity, confidentiality, and control.
- Fair with harmful bias managed — addresses systemic, computational/statistical, and human-cognitive bias.
NIST stresses that these characteristics involve trade-offs—maximizing interpretability may reduce accuracy, and enhancing privacy may limit data available for fairness testing. Managing those tensions is a governance judgment, not a formula. NIST also singles out valid and reliable as foundational: an AI system that is not valid cannot meaningfully be safe, fair, or trustworthy, so validity underpins all the others. Watch for exam options that invent characteristics the RMF does not list, such as ‘profitable’ or ‘efficient’—only the seven above belong to NIST’s trustworthiness set.
The Four Core Functions
The heart of the RMF is the Core, four functions each subdivided into categories and subcategories:
| Function | Role | Illustrative activities |
|---|---|---|
| GOVERN | Cross-cutting culture and structure | Policies, roles, accountability, risk tolerance, workforce diversity, third-party risk—present in and informing all other functions. |
| MAP | Establish context and frame risk | Define purpose, categorize the system, identify stakeholders, anticipate impacts and benefits. |
| MEASURE | Analyze, assess, benchmark, monitor | Apply quantitative and qualitative metrics, test for trustworthiness characteristics, track over time. |
| MANAGE | Prioritize and act | Allocate resources to mapped/measured risks, respond, recover, and communicate; plan for incidents. |
The single most tested point is that GOVERN is cross-cutting. It is not a sequential first step you complete and leave behind; it is the connective tissue that infuses culture, accountability and risk tolerance into MAP, MEASURE, and MANAGE. The other three are often iterative rather than strictly linear—you MAP a context, MEASURE the risks, MANAGE them, and loop back as the system and its environment change.
A reliable way to keep MAP, MEASURE, and MANAGE apart: MAP asks ‘what is the context and what could go wrong?’, MEASURE asks ‘how big is the risk and how do we track it?’, and MANAGE asks ‘what do we do about it and in what priority order?’ Confusing MEASURE with MANAGE is a common error—measuring produces the evidence, managing acts on it.
The Generative AI Profile (2024)
In July 2024, NIST released the Generative AI Profile, NIST AI 600-1, in response to a White House executive order on AI. A profile is an application of the Core to a particular use context; this one is cross-sectoral and focuses on generative AI. It identifies twelve risks that are unique to, or exacerbated by, generative AI—including confabulation (hallucination), dangerous or violent content, data privacy, harmful bias and homogenization, information integrity, information security, intellectual property, and CBRN (chemical, biological, radiological, nuclear) information hazards, among others. For each risk it offers suggested actions mapped back to GOVERN, MAP, MEASURE, and MANAGE, so organizations already using the RMF can extend their practices to generative systems without adopting a separate framework. For AIGP purposes, remember that the Generative AI Profile is a companion to—not a replacement for—AI RMF 1.0, and it demonstrates how NIST’s profile mechanism keeps a voluntary framework current as the technology evolves.
Profiles, the Playbook, and Socio-Technical Framing
Two further concepts round out the framework. First, profiles are the RMF’s mechanism for tailoring the Core. A use-case profile applies the four functions to a specific application (say, hiring or fraud detection), while a temporal profile describes an organization’s current versus target state, so gaps can be planned and tracked. The Generative AI Profile is simply a large, cross-sectoral instance of this idea. Second, the AI RMF Playbook is a companion resource offering concrete, voluntary suggested actions and references organized by function, category and subcategory—it is not part of the framework’s requirements but a practical how-to.
NIST also frames AI risk as socio-technical: risks emerge not only from the model but from the interaction of technology with the people and social context that build, deploy and use it. That is why bias is decomposed into systemic, computational/statistical, and human-cognitive sources, and why human-AI configuration appears as a distinct concern. A final exam-relevant nuance: the RMF is designed to be complementary to other frameworks—an organization can operationalize the OECD principles or prepare for ISO/IEC 42001 certification while using the RMF’s functions as its day-to-day risk process. Recognizing that these instruments interlock, rather than compete, is exactly the systems-level thinking the AIGP rewards.
Review Questions
- In the NIST AI RMF Core, which function is explicitly described as cross-cutting—cultivating a culture of risk management that informs all the other functions?
- Which statement accurately describes the NIST AI Risk Management Framework?
- An organization is applying quantitative and qualitative metrics to test an AI system for bias and reliability and to track those results over time. Which core function does this activity primarily belong to?