NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)

• This community centers on the core functions and documentation of the NIST AI Risk Management Framework, providing the foundational structure for managing AI risks.
• AI RMF Core::framework_component, AI RMF Playbook::document, AIframework@nist.gov::url, NIST Special Publication 1270::document, NIST::organization

• This group covers the official release of the NIST AI RMF 1.0, including its organizational leadership, international standards, and supporting technical documentation.
• AI RMF 1::framework_component, Four Principles of Explainable Artificial Intelligence::resource, Gina M. Raimondo::person, ISO 26000:2010::resource, ISO/IEC TR 24368:2022::resource, January 2023::date, Laurie E. Locascio::person, NIST AI 100-1::document, NIST Cybersecurity Framework::framework_component, National Institute of Standards and Technology::organization, Organizational Management::organization, Psychological Foundations of Explainability and Interpretability in Artificial Intelligence::resource, Third-party entities::organization, U.S. Department of Commerce::organization, Version Control Table::framework_component, https://doi.org/10.6028/NIST.AI.100-1::url

• This community focuses on the broader landscape of AI risk management, incorporating international standards from the OECD and ISO alongside NIST's framework.
• AI RMF Current Profile::framework_component, AI RMF Profiles::framework_component, AI RMF Target Profile::framework_component, AI RMF::document, AI RMF::framework_component, AI actors::person, Artificial Intelligence in Society—OECD iLibrary::resource, ISO 31000:2018::document, ISO/IEC 22989:2022::document, ISO/IEC::organization, NIST Privacy Framework::framework_component, NIST Risk Management Framework::framework_component, National Artificial Intelligence Initiative Act of 2020::document, OECD Framework for the Classification of AI systems::document, OECD Framework for the Classification of AI systems::resource, OECD Recommendation on AI:2019::document, OECD::organization, OMB Circular A-130:2016::document, Secure Software Development Framework::framework_component

• This community highlights the unique influence of AI systems on society and the future as detailed in international technical reports.
• ISO/IEC TR 24368:2022::document

• This group defines the core characteristics of trustworthy AI, such as safety, security, and fairness, and how they are integrated into risk management.
• AI RMF 1.0::document, AI Risk Management Document::document, Accountable and Transparent::framework_component, Explainable and Interpretable::framework_component, Fair with harmful bias managed::framework_component, ISO 9000:2015::resource, ISO GUIDE 73::resource, ISO/IEC TS 5723:2022::resource, National AI Initiative Act of 2020::document, Privacy-enhanced::framework_component, Privacy-enhancing technologies (PETs)::framework_component, Safe::framework_component, Secure and Resilient::framework_component, The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management::document, Valid and Reliable::framework_component

• This community provides access to the official NIST AI RMF website and supplementary resources for practitioners.
• AI RMF Playbook::resource, NIST AI RMF website::url

• This community represents the role of national commissions in providing strategic recommendations for AI development and governance.
• National Security Commission on Artificial Intelligence::organization

• This community focuses on federal planning and the development of technical standards for AI technologies.
• Plan for Federal Engagement in Developing Technical Standards and Related Tools::document

• This group examines the stages of the AI lifecycle and the challenges of measuring risk, including human baselines and system inscrutability.
• AI Deployer::person, AI Developer::person, AI Lifecycle::framework_component, Human Baseline::framework_component, Inscrutability::framework_component

• This community focuses on the mechanisms, tools, and roles required to ensure AI systems are transparent, interpretable, and accountable.
• AI deployers::organization, AI developers::organization, AI systems::framework_component, Explainability::framework_component, Interpretability::framework_component, Transparency tools::resource

• This community details the practical implementation of the AI RMF, covering the Govern, Map, Measure, and Manage functions across the AI lifecycle.
• AI Design::framework_component, AI RMF 1.0::framework_component, AI RMF 1::document, AI RMF cross-sectoral profiles::framework_component, AI Risk Management Framework Roadmap::document, AI actors::organization, Appendix C: AI Risk Management and Human-AI Interaction::framework_component, Board of Directors::organization, Executive leadership::person, GOVERN::framework_component, Human Factors::framework_component, ISO 31000:2018::resource, ISO/IEC TS 5723:2022::document, MANAGE::framework_component, MAP::framework_component, MEASURE::framework_component, NIST AI RMF Playbook::resource, NIST Trustworthy and Responsible AI Resource Center::organization, Organizations::organization, TEVV::framework_component

• This community focuses on specific organizational practices for testing AI systems and managing incident identification.
• GOVERN 4.3::framework_component

• This group covers the processes for engaging with AI actors and integrating external feedback into system design.
• GOVERN 5.1::framework_component, GOVERN 5.2::framework_component, GOVERN 5::framework_component

• This community addresses the risks associated with third-party software, data supply chains, and vendor failures.
• GOVERN 6.1::framework_component, GOVERN 6.2::framework_component, GOVERN 6::framework_component

• This community provides a detailed breakdown of the subcategories within the NIST AI RMF functions for governing, mapping, measuring, and managing AI risks.
• F 1.0::document, GOVERN function::framework_component, MANAGE 1::framework_component, MANAGE 2::framework_component, MANAGE 3::framework_component, MANAGE 4::framework_component, MANAGE function::framework_component, MAP 2::framework_component, MAP 3::framework_component, MAP function::framework_component, MEASURE 2.10::framework_component, MEASURE 2.11::framework_component, MEASURE 2.12::framework_component, MEASURE 2.6::framework_component, MEASURE 2.7::framework_component, MEASURE 2.8::framework_component, MEASURE 2.9::framework_component, MEASURE function::framework_component, NIST AI RMF 1.0::document, NIST AI RMF Playbook::document

• This community focuses on the effectiveness of Test, Evaluation, Verification, and Validation (TEVV) metrics in assessing AI performance.
• MEASURE 2.13::framework_component

• This community focuses on the mechanisms required to track and monitor AI risks over the duration of a system's operation.
• MEASURE 3::framework_component

• This community outlines the distinct phases of the AI lifecycle and the continuous application of TEVV to ensure quality and reliability.
• AI Deployment::framework_component, AI Development::framework_component, Operation and Monitoring::framework_component, Test, Evaluation, Verification, and Validation (TEVV)::framework_component

• This community highlights the multidisciplinary roles and teams, including domain experts and human factors professionals, required for AI risk assessment.
• AI Impact Assessment Teams::organization, Domain Experts::person, Human Factors Professionals::person

• This community focuses on the individuals who interact directly with AI systems.
• End users::person

• This community represents the groups and individuals who are indirectly or directly impacted by the outputs and decisions of AI systems.
• Affected individuals/communities::person

• This community focuses on the broader general public and their experience with the societal impacts of AI technologies.
• General public::person

The NIST AI Risk Management Framework (AI RMF 1.0), published in January 2023 by the U.S. Department of Commerce under Secretary Gina M. Raimondo and NIST Director Laurie E. Locascio, provides guidelines for managing AI risks. It is available for free at https://doi.org/10.6028/NIST.AI.100-1. Mention of commercial products in the document does not constitute an endorsement by NIST. The framework is a living document that will be reviewed regularly, with a formal community review expected by 2028. Updates use a versioning system where the first number indicates major revisions and the decimal indicates minor changes, all of which are tracked in a version control table.

The AI RMF Playbook will be updated frequently, with changes tracked in a Version Control Table that records version numbers, dates, and descriptions. Version numbers will follow an '.n' format (e.g., 1.1). You can email feedback to AIframework@nist.gov at any time; NIST reviews and incorporates these comments semi-annually. The Playbook is organized into two main parts: Part 1 covers foundational information, including risk framing, audience, AI trustworthiness characteristics (such as safety, security, and fairness), and effectiveness. Part 2 details the AI RMF Core, which consists of the Govern, Map, and Measure functions.

The NIST AI RMF 1.0 (AI 100-1) provides a framework for managing AI risks. The core of the framework consists of four functions: Govern (5.1), Map (5.2), Measure (5.3), and Manage (5.4), each detailed with specific categories and subcategories in Tables 1-4. The document also includes AI RMF Profiles (Section 6) and several appendices covering AI actor tasks, differences between AI and traditional software risks, human-AI interaction, and framework attributes. Key figures illustrate potential AI harms (Fig. 1), the AI system lifecycle and dimensions (Fig. 2), and the roles of AI actors throughout that lifecycle (Fig. 3).

The NIST AI RMF 1.0 Executive Summary highlights that while AI offers transformative benefits for society, health, and the economy, it also introduces significant risks that vary in scope and impact. To manage these risks, the framework outlines several key components: AI actors are categorized by their lifecycle roles, with a best practice of separating those who build models from those who verify and validate them. Trustworthy AI systems are built on a foundation of validity and reliability, supported by accountability and transparency. Finally, AI risk management is organized into four core functions—govern, map, measure, and manage—with governance serving as a cross-cutting function that informs all other activities.

AI risks vary in duration, probability, scope, and impact. The AI RMF defines an AI system as an engineered, machine-based tool that operates with varying autonomy to generate predictions, recommendations, or decisions that influence real or virtual environments (based on OECD 2019 and ISO/IEC 22989:2022). Unlike traditional software, AI risks are unique because systems can be trained on unpredictable, evolving data, making their behavior difficult to interpret. Because AI is socio-technical, its risks and benefits depend on the complex interaction between technology, human behavior, and societal context. If left uncontrolled, AI can worsen inequitable outcomes; however, with proper management, it can also help mitigate them. Effective AI risk management is essential for the responsible development and use of these systems.

AI systems can cause unfair outcomes, but proper risk management helps ensure they are developed and used responsibly. Responsible AI focuses on human-centric design, social responsibility, and sustainability. By critically evaluating the potential impacts of AI, organizations can build more trustworthy systems and earn public confidence. Key standards define social responsibility as ethical, transparent behavior (ISO 26000:2010) and sustainability as meeting current needs without harming future generations (ISO/IEC TR 24368:2022). Furthermore, professionals involved in AI development are expected to exercise 'professional responsibility,' recognizing their influence on society and the future of technology (ISO/IEC TR 24368:2022). These practices are guided by the NIST AI RMF 1.0 and the National Artificial Intelligence Initiative Act of 2020.

The AI Risk Management Framework (AI RMF), mandated by the National Artificial Intelligence Initiative Act of 2020, provides a voluntary, flexible guide for organizations to manage AI risks and promote responsible, trustworthy AI. It applies to all 'AI actors'—defined by the OECD as anyone involved in the AI lifecycle—across all sectors and use cases. The framework is designed to be practical and adaptable, ensuring society benefits from AI while remaining protected from its risks. NIST will continuously update the AI RMF to reflect technological advancements, global standards, and community feedback.

NIST will regularly update the AI Risk Management Framework (AI RMF) based on new technology, global standards, and user feedback. The framework is divided into two parts: Part 1 defines AI risks and the characteristics of trustworthy AI, such as safety, security, reliability, transparency, and fairness. Part 2 provides the 'Core' functions—GOVERN, MAP, MEASURE, and MANAGE—to help organizations practically address AI risks throughout the system lifecycle. Additional guidance is available in the AI RMF Playbook on the NIST website. This framework was developed in collaboration with public and private sectors to align with the National AI Initiative Act of 2020 and other federal standards initiatives.

The AI Risk Management Framework (AI RMF 1.0) aligns with the National AI Initiative Act of 2020, the National Security Commission on Artificial Intelligence, and the Plan for Federal Engagement in Developing Technical Standards and Related Tools. NIST developed this framework through extensive public engagement, including workshops, public comments, and forums. Future updates will be managed through an AI Risk Management Framework Roadmap. The framework aims to make AI systems more trustworthy by helping organizations identify and manage risks—defined as the probability and impact of an event—to minimize negative consequences like threats to civil liberties while maximizing positive outcomes.

AI systems can create both positive opportunities and negative threats. According to ISO 31000:2018, risk management involves coordinated activities to direct and control an organization regarding risk. When assessing negative outcomes, risk is defined by the severity of potential harm and the likelihood of it occurring (OMB Circular A-130:2016). These harms can affect individuals, groups, organizations, society, and the environment. This Framework aims to minimize these negative impacts while maximizing benefits, leading to more trustworthy and effective AI. By acknowledging the limitations and uncertainties of AI models, developers and users can improve system performance. The AI RMF is designed to be flexible, allowing it to address evolving risks and unforeseen impacts as AI technology advances.

AI applications are evolving rapidly, making it difficult to fully assess their potential risks and harms. A key challenge in AI risk management is the human tendency to overestimate AI capabilities, often assuming these systems are more objective or powerful than they actually are. According to the NIST AI RMF 1.0, managing these risks is essential for building trustworthy AI. A major obstacle is the difficulty of measuring risks that are not clearly defined. Furthermore, relying on third-party data, software, and hardware complicates risk assessment, as developers and operators may use different risk metrics or lack transparency regarding their methodologies.

Managing AI risk is challenging because developers and users often use different, non-transparent methods to measure risk. Risks also increase when companies integrate third-party data without proper internal oversight. To address this, all AI actors—whether developing, deploying, or using these systems—must actively manage risks and track new, emerging threats. While impact assessments are useful, there is currently no industry consensus on how to reliably measure AI trustworthiness. Existing metrics are often flawed, oversimplified, or biased by institutional interests. Effective risk measurement must account for specific contexts and recognize that AI harms can disproportionately affect different groups, including those who are not direct users of the system.

Measuring AI risks requires a nuanced approach that accounts for specific contexts, diverse community impacts, and the fact that those harmed may not be direct users. Key considerations include: 1) Lifecycle stages: Risks evolve as AI systems adapt, and developers and deployers often have different perspectives on these risks. All actors share responsibility for creating trustworthy systems. 2) Real-world settings: Risks identified in controlled lab environments often differ from those that emerge during actual operation. 3) Inscrutability: AI systems are often difficult to measure due to a lack of transparency, poor documentation, or inherent complexity. 4) Human baselines: Comparing AI performance to human activity is challenging because AI systems perform tasks differently than humans, making it difficult to establish standard metrics for risk management.

Evaluating AI systems that replace or augment human decision-making is challenging because AI performs tasks differently than humans, making it hard to establish standard comparison metrics. According to the NIST AI RMF 1.0 (Section 1.2.2), the framework helps prioritize risks but does not define specific 'risk tolerance'—the level of risk an organization is willing to accept to meet its goals. Risk tolerance is highly contextual, influenced by laws, regulations, industry norms, and organizational priorities, and it will evolve as technology and policies change. Because there is ongoing debate regarding how to balance AI costs and benefits, the framework may not be applicable in every situation. Organizations should use this flexible framework to supplement their existing risk management practices, ensuring they remain compliant with all relevant legal and professional requirements.

Organizations should integrate the AI RMF into their current risk management practices, ensuring alignment with relevant laws, industry standards, and sector-specific requirements. If no formal guidelines exist, organizations must define their own reasonable risk tolerance levels. Because it is impossible to eliminate all risks, organizations should avoid unrealistic expectations that waste resources. Instead, they should foster a risk-aware culture that prioritizes resources based on the specific impact and context of each AI system. High-risk systems require the most urgent attention and the most rigorous management processes.

The AI RMF 1.0 framework requires organizations to prioritize risks based on their severity and context. Systems posing unacceptable risks—such as those causing severe or imminent harm—must be paused until they can be safely managed. Conversely, low-risk systems may receive lower priority. Prioritization should be higher for systems that interact with humans or use sensitive data, while systems interacting only with other computers using non-sensitive data may be lower priority. However, all systems require regular assessment because even non-human-facing AI can have downstream consequences. Providers must document 'residual risk' (the risk remaining after mitigation) to ensure transparency for end users. Finally, AI risk management should not be handled in isolation; it requires collaboration, as different actors have distinct responsibilities throughout the AI lifecycle.

AI risk management should not be handled in isolation; instead, it must be integrated into an organization's broader enterprise risk management strategy alongside concerns like cybersecurity and privacy. Because different actors in the AI lifecycle have varying levels of information and responsibility, organizations should use the NIST AI RMF (AI Risk Management Framework) in conjunction with other existing frameworks. Many AI risks—such as data privacy, environmental impact, and system security—overlap with standard software development challenges. Ultimately, the AI RMF is only effective if supported by senior leadership, clear accountability, and a strong organizational culture. Organizations of all sizes must adapt these practices to fit their specific resources and capabilities.

Implementing the AI RMF may require cultural shifts, and the challenges faced vary based on an organization's size and resources. The framework is designed for a diverse range of 'AI actors'—individuals with varied expertise and backgrounds who manage AI throughout its lifecycle. These actors are responsible for the design, development, deployment, evaluation, and use of AI systems. The framework utilizes five socio-technical dimensions—Application Context, Data and Input, AI Model, Task and Output, and the NIST-emphasized Test, Evaluation, Verification, and Validation (TEVV) processes—to guide risk management. All AI actors, particularly those with TEVV expertise, should collaborate using this framework to ensure AI systems are trustworthy and responsible.

The NIST AI RMF 1.0 encourages all AI stakeholders to collaborate to ensure AI is trustworthy and responsible. Experts in Testing, Evaluation, Verification, and Validation (TEVV) play a critical role throughout the AI lifecycle. By performing TEVV tasks regularly, teams can identify technical, legal, and ethical risks, allowing for both immediate adjustments and long-term risk management. The 'People & Planet' dimension, central to the framework, focuses on human rights and societal well-being. This area involves a secondary group of stakeholders—including trade associations, researchers, advocacy groups, and impacted communities—who provide essential input to the primary AI actors. Risk management should begin during the initial planning and design phases and continue throughout the entire lifecycle of the AI system.

The 'Plan and Design' phase is a continuous part of the AI system lifecycle. Effective risk management requires collaboration among diverse AI actors, including environmental groups, civil society organizations, end users, and impacted communities. These groups help define operational boundaries, provide guidance, and balance societal priorities like equity, civil liberties, and the economy. Success depends on collective responsibility and diverse teams, which help uncover hidden assumptions and risks. As outlined in the NIST AI RMF 1.0, it is a best practice to separate those who build AI models from those who verify and validate them. Ultimately, to be considered trustworthy, AI systems must address the diverse values and needs of all interested parties.

The AI RMF 1.0 framework outlines how to build trustworthy AI by managing risks and balancing key characteristics. These characteristics include being valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with managed bias. Because these traits are socio-technical, they depend on organizational behavior, data quality, model selection, and human oversight. Trustworthiness is not a one-size-fits-all approach; developers must use human judgment to balance these factors based on the specific context of the AI system, as prioritizing one trait may require trade-offs with others.

Achieving AI trustworthiness is not as simple as addressing individual characteristics, as they often conflict and vary in importance depending on the situation. Trustworthiness is a social concept limited by its weakest element. Organizations must navigate difficult tradeoffs, such as balancing predictive accuracy against interpretability or privacy. Because these tradeoffs depend on specific contexts and values, they must be resolved through transparent and justifiable decision-making. To improve contextual awareness, organizations should involve subject matter experts in evaluations and engage a diverse range of stakeholders throughout the AI lifecycle. This collaborative approach helps ensure that AI risks are managed effectively and that the system's benefits are fully realized.

Involving relevant AI actors throughout the AI lifecycle helps identify system benefits and manage social risks. Because different roles—such as designers, developers, and deployers—perceive trustworthiness differently, these actors must collaborate. Trustworthiness characteristics are interconnected; for example, a system that is secure but unfair, or accurate but opaque, is undesirable. Therefore, all AI actors share the responsibility of balancing these tradeoffs and determining if an AI tool is appropriate for a specific context. Decisions to deploy AI should be based on a thorough assessment of risks, costs, benefits, and input from interested parties. A key aspect of trustworthiness is ensuring systems are 'Valid and Reliable.' Validation, as defined by ISO 9000:2015, confirms that a system meets its intended requirements. Reliability, defined by ISO/IEC TS 5723:2022, is the ability of a system to perform consistently without failure under specific conditions. Systems that are inaccurate, unreliable, or fail to generalize to new data increase risks and undermine trust.

According to ISO/IEC TS 5723:2022 and the NIST AI RMF 1.0, three key concepts define trustworthy AI: Reliability, Accuracy, and Robustness. Reliability is the ability of an AI to perform as required without failure over a specific time and under expected conditions. Accuracy is how close an AI's results are to the true values; measuring it requires clear test sets, realistic methodology, and documentation of both computational metrics and human-AI performance. Robustness, or generalizability, is the ability of a system to maintain performance across various circumstances, including unexpected settings, while minimizing potential harm. While accuracy and robustness are both essential for trustworthiness, they can sometimes conflict with one another.

According to the NIST AI RMF 1.0, AI systems must be robust, reliable, and valid to ensure they function as intended and minimize harm, especially in unexpected situations. Safety is defined by ISO/IEC TS 5723:2022 as the prevention of danger to human life, health, property, or the environment. To achieve this, organizations should prioritize safety from the earliest design stages through deployment. Key strategies include responsible development, clear user documentation, and human intervention when systems fail. Risk management must be tailored to the severity of potential harm, with the highest priority given to risks that could cause serious injury or death.

According to the NIST AI RMF 1.0, AI safety should be integrated early in the design phase to prevent dangerous failures. Effective safety strategies include rigorous simulation, real-time monitoring, and the ability for human intervention or system shutdown. These practices should align with established safety standards from fields like healthcare and transportation. Regarding security and resilience, AI systems must be able to withstand unexpected changes or attacks while maintaining core functions. Security involves protecting against threats like data poisoning and unauthorized access, often using the NIST Cybersecurity Framework. Resilience focuses on the system's ability to recover from adverse events and continue operating safely.

Resilience and security are related but distinct. Resilience is the ability to recover from unexpected events, while security includes resilience plus the protocols needed to prevent, respond to, and recover from attacks. Resilience also covers how models handle misuse or adversarial use. Trustworthy AI requires accountability, which relies on transparency. Transparency means providing clear information about an AI system—such as its design, training data, and intended use—to the right people at the right time. This openness builds confidence and allows for accountability if the system causes harm. While transparency alone does not guarantee that a system is accurate, secure, or fair, it is essential for evaluating those qualities as AI systems evolve.

Transparency does not automatically guarantee that an AI system is accurate, secure, or fair, but it is much harder to evaluate these qualities in 'opaque' or hidden systems. To ensure accountability, we must consider the roles of AI actors, noting that risk and responsibility vary across different legal and cultural contexts. When AI decisions impact life or liberty, developers and deployers must increase their transparency and accountability efforts. Organizations should implement risk management and harm-reduction structures to improve accountability, while balancing these needs against resource constraints and the protection of proprietary information. Maintaining clear records of training data provenance and respecting intellectual property rights are essential for accountability. Developers are encouraged to test various transparency tools in collaboration with deployers to ensure systems function as intended. Finally, 'explainability'—understanding how an AI works—and 'interpretability'—understanding what its outputs mean—are both critical for helping users and overseers trust and evaluate AI systems.

Explainability and interpretability help users, operators, and overseers understand how AI systems function and why they are trustworthy. Many risks associated with AI stem from a lack of clarity regarding system outputs. By providing tailored explanations based on a user's role and expertise, organizations can better manage these risks, improve debugging, and strengthen documentation and governance. While transparency explains 'what' happened, explainability clarifies 'how' a decision was made, and interpretability explains 'why' it was made and what it means. Additionally, privacy practices are essential to protect human autonomy, identity, and dignity by limiting intrusion and ensuring individuals maintain control over their personal data and reputation. This information is sourced from the NIST AI 100-1 AI RMF 1.0.

Privacy in AI protects human autonomy, identity, and dignity by limiting observation and ensuring individuals control their personal data and reputation, as outlined in the NIST Privacy Framework. Designers should prioritize anonymity, confidentiality, and control, while balancing privacy against security, bias, and transparency. AI systems can create new privacy risks, such as identifying individuals through data inference. While Privacy-Enhancing Technologies (PETs) and data minimization methods like de-identification help, they may sometimes reduce model accuracy. Regarding fairness, AI systems must address harmful bias and discrimination. Fairness is complex and culturally subjective, so organizations must consider diverse perspectives. Even if a system balances predictions across demographic groups, it may still be unfair if it excludes people with disabilities or worsens systemic inequalities. Ultimately, bias involves more than just data representativeness; it is a broad issue that requires ongoing management.

According to the NIST AI RMF 1.0, AI bias is a complex issue that goes beyond just data representation. NIST identifies three main categories of bias: systemic (found in datasets, organizational practices, and society), computational and statistical (caused by errors or non-representative data), and human-cognitive (how people perceive information or make decisions). These biases can occur even without intentional discrimination. Because AI can accelerate and scale these biases, they can cause significant harm to individuals and society. Managing these risks is essential for ensuring fairness and transparency in AI systems. For further details, refer to NIST Special Publication 1270.

NIST plans to work with the AI community to evaluate the effectiveness of the AI Risk Management Framework (AI RMF 1.0). Organizations using the framework should regularly assess if it helps them manage AI risks, including their policies, processes, and outcomes. NIST will collaborate with users to create metrics and share findings. By using the AI RMF, organizations can expect several benefits: improved risk governance and documentation; a better understanding of AI trustworthiness and trade-offs; clearer decision-making for system deployment; stronger organizational accountability; a culture that prioritizes risk management; better information sharing; increased awareness of downstream risks; improved engagement with stakeholders; and enhanced capacity for testing, evaluation, verification, and validation (TEVV).

The NIST AI RMF 1.0 (AI Risk Management Framework) provides a structured approach to building trustworthy AI. Its Core consists of four primary functions: GOVERN, MAP, MEASURE, and MANAGE. These functions are organized into categories and subcategories that outline specific outcomes and actions, which are not intended as a rigid checklist. Governance acts as a foundational element that informs the other three functions. Effective risk management requires a continuous, multidisciplinary process throughout the entire AI lifecycle. Engaging diverse perspectives—including those from outside the organization—is essential to identifying potential risks and improving the overall quality of AI systems.

The NIST AI RMF 1.0 helps organizations identify and manage risks throughout the AI lifecycle. To assist with implementation, NIST provides the AI RMF Playbook, a voluntary online resource offering tactical guidance that organizations can customize to fit their specific needs. Both the AI RMF and the Playbook are part of the NIST Trustworthy and Responsible AI Resource Center. Organizations can apply the framework's functions—GOVERN, MAP, MEASURE, and MANAGE—in any order that suits their capabilities, though most users begin with GOVERN and MAP. The process is intended to be iterative, allowing users to cross-reference categories and subcategories as they manage AI risks.

The GOVERN function is a foundational, cross-cutting element of the NIST AI RMF 1.0 that must be integrated into all stages of an AI system's lifecycle. It establishes a culture of risk management by aligning technical AI development with organizational values, policies, and strategic goals. Key responsibilities of GOVERN include: creating processes to identify and manage risks to users and society; assessing potential impacts; ensuring compliance with legal and third-party requirements; and providing a framework for individuals involved in acquiring, training, and monitoring AI. Effective governance requires continuous oversight from senior leadership, who set the tone for the organization's risk tolerance and ethical standards.

Effective AI risk management requires clear leadership and structure. Governing authorities define the organization's mission, values, and risk tolerance, while senior leadership sets the tone for the organizational culture. Management is responsible for aligning technical AI operations with these policies. Maintaining thorough documentation improves transparency, accountability, and human oversight. Organizations should foster a culture focused on understanding and managing risks, continuously updating these practices as AI technology and expectations evolve. Detailed guidance on these governance practices can be found in the NIST AI RMF Playbook. The GOVERN function focuses on ensuring that policies and procedures for mapping, measuring, and managing AI risks are transparent and effective. This includes understanding legal requirements (GOVERN 1.1), integrating trustworthy AI characteristics (GOVERN 1.2), tailoring risk management to the organization's risk tolerance (GOVERN 1.3), and establishing clear, transparent processes based on organizational priorities (GOVERN 1.4).

The NIST AI RMF 1.0 GOVERN function outlines how organizations should manage AI risks. GOVERN 1.4 requires transparent policies and controls aligned with risk priorities. GOVERN 1.5 mandates ongoing monitoring, periodic reviews, and clearly defined roles. GOVERN 1.6 requires an inventory of AI systems, while GOVERN 1.7 ensures safe decommissioning of AI systems. GOVERN 2 focuses on accountability, requiring that teams are empowered and trained. Specifically, GOVERN 2.1 mandates clear documentation of roles and communication lines. GOVERN 2.2 requires AI risk management training for personnel and partners. Finally, GOVERN 2.3 establishes that executive leadership is responsible for all AI development and deployment risk decisions.

The NIST AI RMF 1.0 GOVERN function outlines five key areas for managing AI systems: GOVERN 2.3 requires executive leadership to take accountability for AI-related risks. GOVERN 3 mandates that diversity, equity, inclusion, and accessibility are prioritized throughout the AI lifecycle, supported by diverse teams (3.1) and clear definitions of human roles and oversight responsibilities (3.2). GOVERN 4 focuses on fostering a safety-first culture by implementing policies that encourage critical thinking (4.1), documenting and communicating AI risks and impacts (4.2), and establishing practices for testing, incident reporting, and information sharing (4.3). Finally, GOVERN 5 requires processes for engaging with all relevant stakeholders involved in AI.

The governance framework outlines several key requirements for AI management: GOVERN 4.3 requires systems for AI testing, incident reporting, and information sharing. GOVERN 5 focuses on engaging with external stakeholders, with 5.1 requiring the collection of feedback on societal impacts and 5.2 requiring that this feedback be integrated into system design. GOVERN 6 addresses supply chain risks, with 6.1 covering third-party intellectual property rights and 6.2 requiring contingency plans for high-risk third-party failures. Additionally, the MAP function is used to define the context of AI risks. Because the AI lifecycle involves many interdependent activities and actors who often lack full visibility into the entire process, mapping is essential to anticipate potential impacts.

In the NIST AI RMF 1.0, managing AI risk is challenging because different teams often lack visibility into the entire AI lifecycle. Decisions made early on, such as defining an AI's purpose, can significantly change how the system behaves later, meaning good intentions at one stage can be undone by actions in another. To address this uncertainty, the 'MAP' function is essential. It helps organizations identify risks and context, which serves as the foundation for the 'MEASURE' and 'MANAGE' functions. Effective risk management requires a deep understanding of these contexts and should be strengthened by gathering diverse perspectives from internal teams, external collaborators, end users, and impacted communities.

To build trustworthy AI, organizations should engage with end users, impacted communities, and external experts. This collaborative approach helps teams better understand the AI's context, challenge their own assumptions, identify potential risks or limitations, and discover beneficial uses. By completing the 'MAP' function of the NIST AI RMF, organizations gain the necessary insights to decide whether to proceed with an AI project. If they move forward, they should use the 'MEASURE,' 'MANAGE,' and 'GOVERN' functions to handle risks, while continuously re-evaluating the system as it evolves. Detailed guidance on these mapping practices can be found in the NIST AI RMF Playbook.

The NIST AI RMF 1.0 (Table 2) outlines the 'MAP' function for AI systems. MAP 1 focuses on establishing and understanding context: MAP 1.1 requires documenting the AI's purpose, intended users, potential impacts, and limitations. MAP 1.2 emphasizes using diverse, interdisciplinary teams. MAP 1.3 and 1.4 require documenting organizational goals and business value. MAP 1.5 involves setting risk tolerance levels. MAP 1.6 requires defining system requirements that address socio-technical risks. MAP 2 focuses on the formal categorization of the AI system.

The NIST AI RMF 1.0 framework outlines the MAP function for managing AI risks through three main areas: MAP 2 (Categorization), MAP 2.1-2.3 (Documentation and Integrity), and MAP 3 (Capabilities and Impact). MAP 2 requires defining the AI's tasks and methods (e.g., generative models), documenting knowledge limits, and establishing human oversight protocols. It also mandates documenting scientific integrity, data quality, and testing (TEVV) procedures. MAP 3 focuses on evaluating the AI's goals by documenting potential benefits, assessing both monetary and non-monetary costs related to system errors, and clearly defining the intended scope of use based on the system's capabilities.

The NIST AI RMF 1.0 MAP function outlines the following requirements for AI systems: MAP 3.3 requires defining the system's scope based on its capabilities and categorization. MAP 3.4 mandates that staff proficiency, technical standards, and certifications are documented and assessed. MAP 3.5 requires formal processes for human oversight aligned with organizational policies. MAP 4 focuses on mapping risks and benefits for all system components, including third-party software and data. MAP 4.1 requires documenting legal and technology risks, including potential intellectual property infringement. MAP 4.2 requires identifying and documenting internal risk controls for all components. MAP 5 requires characterizing the impacts of the AI system on individuals, groups, and society. MAP 5.1 mandates documenting the likelihood and magnitude of both beneficial and harmful impacts based on past performance, public reports, and external feedback.

According to NIST AI 100-1 (AI RMF 1.0), the MEASURE function is used to analyze, assess, and monitor AI risks and impacts using quantitative or qualitative methods. This function builds on the MAP function and provides data to the MANAGE function. Key requirements include: 1) Testing AI systems before and during deployment to document functionality and trustworthiness. 2) Tracking metrics related to social impact, human-AI interaction, and trustworthy characteristics. 3) Using rigorous software testing, performance benchmarks, and uncertainty measurements, supported by formal documentation. 4) Utilizing independent reviews to reduce bias and conflicts of interest. 5) Using measurement data to make informed decisions when trade-offs are necessary, such as recalibrating, mitigating impacts, or removing a system. Ultimately, organizations must establish and document objective, repeatable, and scalable test, evaluation, verification, and validation (TEVV) processes.

The MEASURE function ensures that AI systems are evaluated using objective, repeatable, and transparent testing, evaluation, verification, and validation (TEVV) processes. Users should develop both qualitative and quantitative metrics that align with scientific, legal, and ethical standards. These measurements help track AI risks and system trustworthiness, with results informing the MANAGE function for ongoing risk response. Because AI risks evolve, this measurement process must be continuous. Detailed guidance is available in the NIST AI RMF Playbook. The MEASURE function consists of two main parts: MEASURE 1.1 involves selecting metrics for the most significant risks identified in the MAP function and documenting any risks that cannot be measured. MEASURE 1.2 requires the regular assessment and updating of these metrics and controls, including reporting on errors and their impact on communities.

The NIST AI RMF 1.0 'MEASURE' function outlines requirements for evaluating AI systems. Key actions include: 1.2) Regularly updating AI metrics and controls while tracking errors and community impacts. 1.3) Involving independent internal experts, external stakeholders, and affected communities in assessments. 2.1) Documenting all testing tools, metrics, and data. 2.2) Ensuring human-subject evaluations are ethical and representative. 2.3) Measuring performance against real-world deployment conditions. 2.4) Monitoring system behavior during production. 2.5) Proving the system is valid and reliable, while clearly documenting its limitations. 2.6) Conducting ongoing safety risk assessments.

Table 3 outlines the MEASURE function categories for AI systems. MEASURE 2.6 requires regular safety evaluations to ensure the system is reliable, robust, and fails safely within risk tolerance limits. MEASURE 2.7 through 2.12 mandate that risks related to security, transparency, accountability, model explanation, privacy, fairness, bias, and environmental impact are assessed and documented based on the MAP function. MEASURE 2.13 requires documenting the effectiveness of TEVV metrics. Finally, MEASURE 3 requires implementing mechanisms to track identified AI risks over time.

The MEASURE function of the NIST AI RMF 1.0 ensures AI systems are evaluated effectively. MEASURE 3 focuses on tracking AI risks: organizations must establish personnel and processes to monitor known and emerging risks (3.1), develop tracking methods for complex scenarios where standard metrics fail (3.2), and create feedback channels for users to report issues or appeal outcomes (3.3). MEASURE 4 focuses on improving measurement efficacy: organizations must tailor measurement approaches to specific deployment contexts using expert and user input (4.1), validate system trustworthiness through expert consultation (4.2), and document performance changes based on feedback from affected communities and field data (4.3).

The MANAGE function focuses on allocating resources to address AI risks identified during the MAP and MEASURE phases. Key activities include creating plans to respond to, recover from, and communicate about incidents. By using expert consultations and feedback from affected communities, organizations can reduce system failures and negative impacts. This function requires systematic documentation to ensure transparency and accountability, as well as processes for monitoring new risks and making continuous improvements. Users are expected to prioritize risks and regularly update their management strategies as AI systems, contexts, and stakeholder needs evolve. Detailed guidance for these practices can be found in the NIST AI RMF Playbook.

The NIST AI RMF 1.0 guidelines for managing AI systems include the following requirements: 1) Systems must have clear procedures to deactivate or override AI that performs unexpectedly. 2) Risks and benefits from third-party entities and pre-trained models must be actively monitored, controlled, and documented. 3) Organizations must maintain documented plans for risk response, recovery, and communication. This includes implementing post-deployment monitoring, gathering user feedback, providing appeal mechanisms, and managing system updates. Finally, all incidents and errors must be tracked, documented, and communicated to affected parties and stakeholders.

Section 4.3 requires that all AI-related incidents and errors be documented and communicated to relevant stakeholders, including affected communities. Organizations must follow established procedures to track, address, and recover from these issues. Section 6 introduces 'AI RMF Profiles,' which are customized implementations of the AI Risk Management Framework tailored to specific sectors or applications, such as hiring or fair housing. These profiles help organizations align risk management with their goals, legal requirements, and resources. 'Temporal Profiles' are used to assess progress: a 'Current Profile' describes existing risk management practices, while a 'Target Profile' outlines desired future outcomes. By comparing these two, organizations can identify gaps, create action plans, and prioritize resources to manage AI risks effectively and cost-efficiently.

The NIST AI RMF 1.0 helps organizations determine the resources—such as staff and funding—needed to manage AI risks efficiently. It introduces 'cross-sectoral profiles,' which address risks common to various industries or applications, such as large language models, cloud services, or procurement. These profiles are flexible and do not require a specific template. Additionally, the framework defines AI actor tasks: 'AI Design' involves planning, setting objectives, and data preparation to ensure systems are lawful and effective. This phase involves a wide range of contributors, including data scientists, domain experts, legal teams, and community representatives. 'AI Development' tasks follow during the model creation phase.

The AI lifecycle consists of four primary stages, each involving specific tasks and actors: 1. AI Development: Experts like data scientists and developers build, train, and test models. 2. AI Deployment: Teams including system integrators and end users manage the system's integration into production, ensuring regulatory compliance and compatibility. 3. Operation and Monitoring: Operators, auditors, and management oversee the system's ongoing performance and impact. 4. Test, Evaluation, Verification, and Validation (TEVV): These critical assessment tasks occur continuously throughout the entire lifecycle. Various stakeholders, including governance experts, data engineers, and third-party entities, contribute across these phases.

The NIST AI RMF 1.0 outlines Test, Evaluation, Verification, and Validation (TEVV) processes performed by AI actors—such as developers, auditors, and researchers—throughout the AI lifecycle. Ideally, those verifying and validating systems should be separate from those testing and evaluating them. TEVV tasks occur in four key phases: 1) Design and Data: Validating assumptions and requirements. 2) Development: Validating and assessing models. 3) Deployment: Integrating systems, testing performance, and ensuring legal and ethical compliance. 4) Operations: Monitoring, recalibrating, tracking errors, and managing incident responses. Additionally, Human Factors are integrated across all phases to ensure human-centered design, active user involvement, and the consideration of social norms and values.

The NIST AI RMF 1.0 outlines key roles and responsibilities for managing AI systems throughout their lifecycle: 1) Human Factors Professionals ensure AI is designed with human needs in mind by evaluating user experiences and integrating human dynamics. 2) Domain Experts provide specialized knowledge of specific industries or sectors to guide system design and help interpret AI outputs. 3) AI Impact Assessors evaluate systems for accountability, bias, safety, liability, and security using technical, legal, and socio-cultural expertise. 4) Procurement teams manage the financial and legal aspects of acquiring AI products from third-party vendors. 5) Governance and Oversight teams, including senior leadership and Boards of Directors, hold the ultimate authority and responsibility for the organization's AI strategy, impact, and sustainability.

Effective AI governance involves several key groups. Internal leadership, including management, senior executives, and the Board of Directors, oversees the organization's overall impact and sustainability. External third-party entities—such as vendors, developers, and evaluators—provide AI tools and services, though their risk standards may differ from the organization using them. End users are the individuals who directly interact with AI systems, regardless of their technical expertise. Affected individuals and communities include anyone impacted by AI decisions, even if they do not interact with the system directly. Additionally, groups like trade associations, researchers, and advocacy organizations provide guidance and standards for managing AI risks. Finally, the general public experiences the primary impacts of AI and often drives the demand for responsible AI development.

According to the NIST AI RMF 1.0 (Appendix B), AI systems share some risks with traditional software, such as broad societal impacts, but also introduce unique challenges that current risk frameworks do not fully cover. While features like pre-trained models can improve accuracy, they also require careful management. Key AI-specific risks include: data that may be biased, poor quality, or unrepresentative of the intended use; a heavy reliance on complex, large-scale training data; the risk that training processes may unintentionally alter system performance; the potential for datasets to become outdated or disconnected from their original context; and the immense complexity of AI systems, which can involve trillions of decision points. AI actors—including individuals, communities, and consumers—should use the MAP function to identify these contextual factors and determine appropriate risk management strategies.

According to the NIST AI RMF 1.0 (Page 38), AI systems present unique challenges compared to traditional software. Key issues include: 1) Data and models can become outdated or detached from their original context. 2) The massive scale and complexity of AI make it difficult to manage. 3) Pre-trained models introduce statistical uncertainty, bias, and reproducibility concerns. 4) It is hard to predict failure modes or side effects in large-scale models. 5) AI increases privacy risks through enhanced data aggregation. 6) Systems require frequent maintenance due to data or concept drift. 7) AI is often opaque, making it difficult to test or document compared to traditional software standards. 8) High computational costs negatively impact the environment. Finally, privacy and cybersecurity risk management must be integrated into the entire AI lifecycle and broader enterprise risk strategies.

Organizations should integrate AI risk management into their broader enterprise risk strategies. To improve AI trustworthiness—specifically regarding security and privacy—organizations can use established standards like the NIST Cybersecurity Framework, NIST Privacy Framework, NIST Risk Management Framework, and the Secure Software Development Framework. These frameworks, which are outcome-based and structured around core functions, can help inform the MAP, MEASURE, and MANAGE functions of the AI RMF. However, existing frameworks are insufficient for addressing unique AI challenges, such as harmful bias, generative AI risks, specific machine learning attacks (like model extraction or evasion), complex AI attack surfaces, and risks involving third-party technologies or off-label use.

Organizations should address security risks related to AI, including third-party tools, transfer learning, and off-label use where systems are adapted outside of internal controls. Because technology evolves quickly, organizations must monitor advancements to ensure AI remains trustworthy and responsible. According to the NIST AI RMF 1.0 (Appendix C), managing AI risks requires understanding human-AI interaction. A major challenge is that AI models often convert complex human behavior into mathematical data, which can strip away essential context and obscure societal impacts. To manage these risks, organizations must clearly define human roles in AI oversight. These roles vary depending on the system, ranging from fully autonomous models that require no human intervention to systems that function as decision-support tools or require constant human supervision.

According to the NIST AI RMF 1.0, AI systems can either assist human experts or operate independently, such as in video compression. However, human oversight is often necessary because AI development and use are prone to systemic and cognitive biases. These biases, which can be worsened by a lack of transparency, may influence organizational structures and lead to negative outcomes for end users and policymakers. Human-AI interaction is complex; while it can sometimes amplify bias in judgment tasks, it can also improve performance through effective teamwork. Because humans interpret AI outputs differently based on their individual skills and preferences, the 'GOVERN' function is essential for organizations to clearly define roles and responsibilities for those managing and overseeing AI systems.

The NIST AI RMF 1 outlines two key functions for managing human-AI teams: GOVERN and MAP. The GOVERN function helps organizations define clear roles and responsibilities for human team members and AI supervisors, while establishing transparent decision-making processes to reduce systemic bias. The MAP function focuses on building internal expertise by documenting standards, certifications, and procedures for evaluating AI performance, trustworthiness, and real-world impacts throughout the AI lifecycle. Both functions emphasize the need for diverse, interdisciplinary teams that incorporate feedback from the community to ensure AI systems align with societal values and user intentions. Finally, the framework notes that ongoing research is needed to understand how humans interact with AI, specifically regarding how often and why people choose to challenge or overrule AI-generated outputs.

Future research should examine how and why humans choose to override AI system decisions. The NIST AI RMF 1.0 (Appendix D) outlines seven core principles that guided its development: 1) It is risk-based, efficient, pro-innovation, and voluntary. 2) It is developed through an open, consensus-driven process involving all stakeholders. 3) It uses plain language accessible to both non-experts and technical practitioners to facilitate clear communication. 4) It provides a standardized vocabulary, including definitions and metrics, for managing AI risk. 5) It is designed to be intuitive and easily integrated into existing organizational risk management strategies. 6) It is universally applicable across all sectors and AI technologies. 7) It focuses on desired outcomes rather than prescribing specific methods.

The AI RMF is designed to be a flexible, evolving resource that helps organizations manage AI risks. Its core principles include: 6. Universal applicability across all AI technologies and sectors. 7. A focus on outcomes rather than rigid, one-size-fits-all rules. 8. Integration with existing best practices while highlighting the need for new tools. 9. Compatibility with all domestic and international laws and regulations. 10. A 'living document' status that allows for updates as technology and understanding advance. This publication is available for free at https://doi.org/10.6028/NIST.AI.100-1.