Using the NIST AI Risk Management Framework: Govern, Map, Measure, Manage
The first time a client showed me their NIST AI RMF adoption plan, it was a 94-page binder. By page 30 I had stopped reading. By page 60 I was sure no one in the room had read it either. The framework itself is a good piece of work; the binder was the problem. Voluntary scaffolding turned into a compliance ritual, and the ritual was eating all the time that should have gone into actually governing the models.
The NIST AI Risk Management Framework gives you a borrowable four-verb spine for an AI risk program: Govern, Map, Measure, Manage. It is voluntary, it travels across jurisdictions, and it pairs cleanly with whatever enterprise risk program you already run. The trap is adopting it as a binder. The win is picking three to five practices from each function and running them well.
What the four functions actually answer
NIST's writing is careful, almost diplomatic. Stripped of the diplomacy, each function answers one blunt question.
Govern answers: who is on the hook, and by what rules. It is the cross-cutting one, the function that touches the other three. If Govern is weak the other three drift, because nobody has the authority to make decisions stick.
Map answers: what AI do we actually have, what is it for, and who could it hurt if it misbehaves. Most of the work here is unglamorous: inventory, context, intended use, foreseeable misuse, the people affected.
Measure answers: is the system working and is it staying in lane. Performance, bias, robustness, drift, the things you can test before launch and the things you have to monitor after.
Manage answers: what do we do when something is wrong. Prioritisation, response, mitigation, the off switch, the path back to a safe state, the documentation that proves you took the right call.
Read in that order, the four verbs are how any operational risk program already thinks. That is on purpose. NIST built the AI RMF so a CISO or a chief risk officer would recognise the shape on first read.
The smallest defensible implementation
You do not need every practice in the AI RMF Playbook. You need a small, true subset that you actually run. Here is the version I have watched hold up across three industries.
Govern (3 practices). One named accountable owner for AI risk at the executive table. One documented policy that states what AI you will and will not deploy. One standing forum (monthly is enough) where high-tier model decisions get reviewed and minuted.
Map (4 practices). A live AI inventory that includes Shadow AI and vendor-embedded AI, not just what the data science team built. A one-page context sheet per system covering intended use and out-of-scope use. A documented impact assessment for high-tier systems (who is affected, how, in what failure modes). A risk tier per system that drives the rest of the program.
Measure (4 practices). Pre-launch evaluation for high-tier systems covering accuracy, bias, and robustness. Production monitoring for drift on the inputs and the outputs. A defined set of metrics per system with thresholds that trigger review. A scheduled re-evaluation cadence (quarterly for high tier, yearly for low).
Manage (3 practices). A response plan per high-tier system that names the off switch, the human escalation, and the rollback. An incident log that records what fired, what was done, and what changed afterwards. A quarterly review where the program owner reports what the inventory looks like now versus three months ago.
Fourteen practices total. That is the floor. Below this you are not running a program. Above this is where most binder-driven adoptions die, because every added practice doubles the maintenance and halves the chance anyone actually does it.
How it plugs into the four controls
The hub article on AI risk management and the framework article on building a GRC program both lean on a four-control schema (named owner, audit log, human checkpoint, documented purpose). NIST’s four functions wrap that schema cleanly.
| NIST function | The four controls it puts in place |
|---|---|
| Govern | Named owner, documented purpose (policy and per-system) |
| Map | Documented purpose (intended and out-of-scope use), feeds the inventory |
| Measure | Audit log (what was tested, what the production metrics say) |
| Manage | Human checkpoint (response plan, off switch, escalation) |
This is the way to read NIST if you already have a GRC program: you are not bolting a new system on, you are giving the system you have a vocabulary that AI auditors and AI buyers recognise. The Generative AI Profile that NIST published in 2024 adds practices specific to LLMs (training-data provenance, content-origin disclosure, jailbreak resilience), and slots into the same four functions.
What NIST AI RMF does NOT do
This is the part of the conversation that saves the most pain.
It is not a checklist. There is no row you tick to be “RMF compliant”. The framework explicitly leaves it to you to choose practices proportional to your risk. Buyers who ask for an RMF compliance statement are asking a question the framework does not answer.
It is not a certification. No body issues a NIST AI RMF certificate. If you need a certifiable management system you want ISO/IEC 42001, which an accredited certifier audits and stamps. NIST gives you the spine; ISO 42001 gives you the certificate.
It is not law. The RMF is voluntary in the United States. It does not satisfy EU AI Act obligations, sector rules, or contractual commitments. It is a useful organising structure for the work those regimes demand, not a substitute for the work itself.
It does not pick your tier. Govern and Map ask you to set the risk tier for each system. The framework will not do that for you. The blast-radius + reversibility test from the risk hub is one workable rule; pick one and use it consistently.
I have watched teams treat the framework as all four of these things at once, and the program drowns in its own self-importance. Read what NIST actually says, take the spine, and leave the rest.
A 30-day adoption sprint
If you want one path in, here it is.
Week 1, Govern. Name the accountable owner. Draft the one-page policy. Schedule the first monthly forum.
Week 2, Map. Stand up the inventory. Walk the floor, interview teams, do not survey. Set the tier for the top ten systems.
Week 3, Measure. For the two or three highest-tier systems, define the metrics and thresholds. Pull a baseline. Schedule the first re-evaluation.
Week 4, Manage. Write the response plan for each high-tier system. Test the off switch in a staging environment. Hold the first review and minute the decisions.
At the end of month one you have a small, true RMF-aligned program that you can show a buyer, an auditor, or a board member. Then you widen. The binder version takes six months and convinces no one; the small one takes a month and survives the holidays.