The NIST AI Risk Management Framework: What Enterprise Leaders Need to Understand
The NIST AI Risk Management Framework (AI RMF 1.0) has quietly become the most widely adopted enterprise AI governance framework in the United States — 57–67% of CISOs use it according to the 2026 Hitch Partners Global CISO Leadership Report. Voluntary, but load-bearing. Here is what the framework contains, how the 2024 Generative AI Profile extends it, and why it endured a change of US administration when the executive order that popularised it did not.
Key Takeaways
- NIST AI RMF 1.0 was published on 26 January 2023 and remains a **voluntary** framework organised around four core functions — GOVERN, MAP, MEASURE, and MANAGE — that operationalise seven characteristics of trustworthy AI (NIST).
- The Generative AI Profile (**NIST AI 600-1**), published on 26 July 2024, enumerates **12 risk categories unique to or exacerbated by generative AI** — including confabulation, CBRN information, data privacy, information integrity, information security, human-AI configuration, intellectual property, and value chain integration — and maps suggested actions to each core function (NIST AI 600-1).
- Adoption is real: the 2026 Hitch Partners Global CISO Leadership Report (625+ executives) found NIST AI RMF is the **leading AI governance framework at 57–67% CISO adoption** — higher than any competing framework. It is now the de facto US enterprise reference point.
- The framework outlived its political tailwind. Executive Order 14110, which had elevated the RMF's public profile, was rescinded on 20 January 2025 and replaced by Executive Order 14179 on 23 January 2025. The RMF itself, as a voluntary NIST publication rather than an EO instrument, was untouched and continues to be the standard buyers, boards, and CISOs reach for.
- NIST AI RMF is complementary to — not a substitute for — ISO/IEC 42001 (the certifiable management-system standard) and the EU AI Act (binding law). Search demand — "nist ai rmf" averages ~3,600 monthly US searches and ~720 in India at a US CPC of $20.74 (Google Ads data, July 2026) — reflects buyer-side and practitioner-side interest, not just US-federal interest.
Two years after publication, the NIST AI Risk Management Framework has become the most widely referenced voluntary AI governance framework in the enterprise world — quietly, and largely without regulatory pressure forcing the issue. It is what US-headquartered enterprises point to when a customer, board member, insurer, or regulator asks "how do you manage AI risk?" — and, increasingly, what non-US enterprises point to as well.
This guide explains what the framework actually contains, how the 2024 Generative AI Profile extends it, how it relates to ISO/IEC 42001 and the EU AI Act, and how enterprise leaders should think about adopting it.
What NIST AI RMF Is (and Is Not)
The NIST AI Risk Management Framework 1.0 was published by the US National Institute of Standards and Technology on 26 January 2023. It is a voluntary framework — not law, not a certification standard, and not a technical specification for building AI. Its purpose is to give organisations a common vocabulary and a structured method for identifying, assessing, prioritising, and managing risks across the AI lifecycle.
Three properties of the framework matter for how leaders should think about it:
- It is voluntary. No organisation is compelled to adopt it. Its authority comes from being the reference framework a NIST authored — the same NIST behind the widely adopted Cybersecurity Framework — and from the fact that it was developed through an open, multi-year, multi-stakeholder process.
- It is risk-based. The framework does not tell you which AI systems to build, or which to avoid. It tells you how to think about the risks each system creates, how to prioritise them against the value the system delivers, and how to manage them over time. That risk-based posture is what makes it usable across sectors and use cases.
- It is designed for the AI lifecycle, not a single stage. GOVERN, MAP, MEASURE, and MANAGE are meant to be applied continuously — through design, development, deployment, monitoring, and decommissioning — and revisited as systems and contexts change.
Importantly, the framework applies to organisations that build AI and to organisations that only use AI. A bank buying a third-party fraud-detection model, and a start-up training its own foundation model, both find the framework applicable — the risks and mitigations differ, but the structure is the same.
The Four Core Functions
The core of AI RMF 1.0 is a set of four functions, arranged in a continuous cycle rather than a linear sequence:
- GOVERN. Cultivate a culture of risk management. Establish policies, processes, procedures, roles, and accountability structures for AI across the organisation. Ensure senior leadership ownership, workforce competence, and the diversity of perspectives that AI risk assessment requires. GOVERN is the function most organisations underestimate — the one that turns AI risk management from a project into an ongoing capability.
- MAP. Establish the context in which an AI system operates. Identify who is affected, what capabilities and limitations the system has, what its intended use is, what its potential misuse looks like, and what interdependencies it has with other systems. MAP is what turns a generic risk framework into an assessment of this system in this context.
- MEASURE. Analyse, assess, benchmark, and monitor the risks and impacts MAP has identified. This includes quantitative and qualitative methods, and — crucially — tracking risk over time as systems, data, and use patterns change. MEASURE is where organisations decide how well they understand their AI risks, not just whether they have identified them.
- MANAGE. Allocate resources to prioritised risks and act. Treat, transfer, avoid, or accept risks on a considered basis; plan for incidents; and put in place response, recovery, and communications processes. MANAGE is what closes the loop — the point at which risk analysis becomes operational decision.
The four functions are supported by categories and subcategories — dozens of specific outcomes an organisation can adopt — and by a companion Playbook, published on the NIST AI Resource Center, which offers concrete suggestions for each subcategory. The Playbook is not part of the standard itself, but it is often what practitioners actually work from.
The Seven Characteristics of Trustworthy AI
Underlying the four functions is NIST's articulation of what makes an AI system trustworthy. The framework identifies seven characteristics — presented not as a checklist but as often-competing objectives an organisation must consciously balance:
- Valid and reliable — accurate, robust, and generalisable across the conditions of deployment.
- Safe — does not, under defined conditions, lead to harm to human life, health, property, or environment.
- Secure and resilient — able to withstand adversarial attacks and unexpected inputs.
- Accountable and transparent — traceable, decisions attributable, and information about the system available to those affected.
- Explainable and interpretable — the mechanisms of decision-making are understandable to relevant stakeholders.
- Privacy-enhanced — respects the privacy of the data subjects the system interacts with.
- Fair — with harmful bias managed — biases are identified, measured, and reduced.
The framework is explicit that these characteristics can conflict — a maximally explainable system may be less accurate; a maximally private one may be less useful — and that the risk-based approach requires organisations to make those trade-offs consciously, document them, and be able to defend them.
The Generative AI Profile (NIST AI 600-1)
By late 2023 it was clear that generative AI raised risks the base RMF handled at too high a level of abstraction. NIST responded by publishing the Generative AI Profile — NIST AI 600-1 — on 26 July 2024. The profile does not replace AI RMF 1.0; it maps generative-AI-specific risks and suggested actions onto the same four-function structure, so that an organisation already using the RMF can extend its practice without restarting.
The GenAI Profile enumerates 12 risk categories that are unique to or amplified by generative AI:
- 1CBRN information or capabilities — the risk that a system provides information enabling chemical, biological, radiological, or nuclear harm.
- 2Confabulation — the tendency of generative models to produce fluent, plausible, but incorrect content (what the wider industry calls hallucination).
- 3Dangerous, violent, or hateful content — outputs that promote or facilitate harm.
- 4Data privacy — risks to individuals whose data was in training corpora or is provided in prompts.
- 5Environmental impacts — energy and resource costs of training and inference.
- 6Harmful bias and homogenisation — outputs that discriminate or that reduce viewpoint diversity by defaulting to a narrow modal answer.
- 7Human-AI configuration — risks arising from how humans interact with the system, including over-reliance and under-reliance.
- 8Information integrity — mass generation of misleading or synthetic content, and its effects on the information environment.
- 9Information security — vulnerabilities the system introduces to broader systems, including prompt injection.
- 10Intellectual property — training-data and output-related IP risks.
- 11Obscene, degrading, and/or abusive content — including non-consensual intimate imagery and content sexualising minors.
- 12Value chain and component integration — risks that flow into an organisation through third-party models, data, and tools.
For each category, the Profile lists suggested actions organised under GOVERN, MAP, MEASURE, and MANAGE — a concrete answer to "what should we actually do about this risk?" that a practitioner can lift into a policy, control library, or work programme.
For enterprise leaders, the Profile is important precisely because it is the first authoritative document to treat the AI risks that boards are actually asking about — hallucination, prompt injection, IP exposure, value-chain risk — as a coherent set with a common structure, rather than as a series of separate press-cycle problems.
Adoption: How Widely Is It Actually Used?
Framework documents live or die by adoption. Here the NIST AI RMF is on stronger ground than most:
- The 2026 Hitch Partners Global CISO Leadership Report — surveying more than 625 chief information security officers globally — found the NIST AI RMF to be the leading AI governance framework at 57–67% adoption, ahead of any competing framework. CISO adoption is a strong signal because CISOs are the executives most often asked to attest, in writing, that AI is being managed responsibly.
- Enterprise buyers increasingly cite the RMF in procurement questionnaires and vendor security reviews, alongside SOC 2 and ISO 27001 — turning it into a de facto commercial expectation for AI-enabled products sold into the US market.
- Public-sector suppliers, particularly those working with US federal agencies or state governments, have used alignment with the RMF as a low-risk way to demonstrate AI governance maturity without waiting for sector-specific rules.
Adoption is not universal, and self-attested adoption ("we follow the RMF") is not the same as operational adoption ("our controls map to the subcategories and we can produce evidence"). But as a reference point in enterprise conversations about AI risk, the framework has become genuinely load-bearing.
Why It Endured a Change of Administration
The NIST AI RMF received a significant amplification when President Biden's Executive Order 14110 — Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, signed 30 October 2023 — directed federal agencies to lean on it. That EO was rescinded on 20 January 2025, hours after President Trump's inauguration, and replaced three days later by Executive Order 14179 — Removing Barriers to American Leadership in Artificial Intelligence.
For a period, this created uncertainty: had the AI RMF's authority been quietly rescinded along with the EO that popularised it?
The answer, in practice, has been no. The RMF is a voluntary NIST publication, not an EO instrument — its authority comes from NIST's standing and from the framework's own quality, not from the executive branch. Neither the RMF itself nor the GenAI Profile was withdrawn. Enterprise adoption continued through the transition, and the framework remains the reference for how US-headquartered enterprises articulate AI risk management. The lesson for leaders was clarifying: durable AI governance frameworks come from standards bodies with technical legitimacy, not from political documents that can be revoked with a signature.
How the RMF Relates to ISO/IEC 42001 and the EU AI Act
Leaders working through their AI governance stack rightly want to know how the NIST AI RMF fits alongside ISO/IEC 42001 and the EU AI Act. The short answer is that they play different roles, and mature organisations use all three:
- NIST AI RMF — the risk framework. Voluntary. Describes how to identify, assess, and manage AI risks across the lifecycle. No certificate.
- ISO/IEC 42001:2023 — the management-system standard. Voluntary but certifiable. Requires you to build and operate an AI Management System (AIMS), and an accredited third party audits and certifies it. The RMF's risk-management practice fits naturally inside 42001's management-system structure.
- EU AI Act — the law. Binding for AI systems placed on the EU market. Sets specific obligations for high-risk AI systems and general-purpose AI models. Compliance is not optional for in-scope systems, and neither RMF adoption nor ISO 42001 certification substitutes for it — though both make it materially easier.
A workable posture for a global enterprise: use the NIST AI RMF as the risk-management practice, wrap it inside an ISO/IEC 42001 management system to make governance auditable and certifiable, and use EU AI Act conformity work to satisfy the specific legal obligations for in-scope systems.
Implementing the RMF: Where Enterprises Get Stuck
Organisations that struggle with the RMF typically fail in the same predictable ways:
- Treating it as a documentation exercise. Mapping subcategories to existing policies and calling that adoption. GOVERN, in particular, only works if it changes decisions — who owns AI risk, who signs off on deployment, what stops a system going live.
- Skipping MAP and MEASURE for the systems that matter most. MAP and MEASURE are effortful — real assessment, real context, real measurement. Organisations often do them well for one flagship system and then never repeat the process for the tenth or the hundredth. Enterprise AI risk is not concentrated in the flagship system; it is distributed across the long tail.
- Not adopting the Generative AI Profile. Boards and customers are asking about GenAI-specific risks. An RMF implementation that predates the Profile and does not extend into it is answering the wrong version of the question.
- No integration with existing risk functions. AI risk sits alongside cyber, privacy, model risk, third-party, and operational risk. An RMF implementation isolated from those functions duplicates work and produces contradictory signals to the business.
What Leaders Should Be Asking
To the executive sponsor of AI: If a customer, insurer, or regulator asked us tomorrow to describe our AI risk-management practice, would we point to the NIST AI RMF, and could we show it operating — or would we hand them a policy document? The gap between those two states is the work.
To the CISO and CIO: For each production AI system, can we produce, on request, a MAP and MEASURE artefact — context, capabilities, risks, mitigations, monitoring — that would satisfy an informed reviewer? If not, the framework has been adopted in principle only.
To the general counsel and chief risk officer: Where does our current AI governance stack — NIST RMF, ISO 42001 (if pursued), EU AI Act conformity work (if in scope) — leave gaps, and where does it duplicate effort? Integration decisions are cheaper made deliberately than discovered mid-audit.
The Underlying Point
The NIST AI Risk Management Framework has become enterprise-load-bearing because it does one thing well: it gives an organisation a coherent way to think about, describe, and manage AI risk that other stakeholders — customers, insurers, regulators, boards — recognise and trust. It does not tell an organisation which AI to build or buy. It requires that whatever AI it builds or buys is understood, measured, and managed against risks it has consciously chosen to accept.
For leaders in 2026, the question is not whether to adopt the framework. In practice, the market has already answered — buyers, insurers, and CISOs treat it as the default. The question is whether the adoption is real: whether GOVERN, MAP, MEASURE, and MANAGE have changed the decisions your organisation makes about AI, or whether they are documented aspirations. The framework does not care about the answer. The next customer questionnaire, insurance renewal, or board review will.
Imagine Works helps enterprise organisations operationalise the NIST AI Risk Management Framework — from GOVERN structures and AI risk registers to system-level MAP/MEASURE assessments and integration with ISO/IEC 42001 and EU AI Act obligations. Get in touch to discuss your AI risk-management posture.
Related Service
AI Governance & Risk Design
Designing the governance framework and risk architecture that keeps your AI systems compliant, auditable, and board-ready — before regulation forces the issue.
Explore this serviceMore Insights
More on AI Governance
AI Red Teaming: What Enterprise Leaders Should Actually Ask For
AI red teaming has moved from a research-lab activity to a boardroom expectation. The EU AI Act now requires adversarial testing of general-purpose AI models with systemic risk. Microsoft has red-teamed 100+ generative AI products since 2018. NIST published a formal adversarial-ML attack taxonomy in March 2025. Here is what enterprise leaders should ask for when they commission — or evaluate — an AI red team engagement.
Prompt Injection: The Enterprise Security Risk That Cannot Yet Be Filtered Away
Prompt injection has been the number-one risk on the OWASP Top 10 for LLM Applications since 2023, and in June 2025 it produced the first publicly documented zero-click enterprise AI vulnerability — CVE-2025-32711, EchoLeak, in Microsoft 365 Copilot. UK NCSC's December 2025 guidance is direct: prompt injection cannot be fully mitigated; focus on reducing impact. Here is what enterprise leaders need to understand and do.
ISO/IEC 42001: The AI Management System Standard Enterprise Leaders Need to Understand
ISO/IEC 42001:2023 is the world's first certifiable international standard for managing artificial intelligence. Published in December 2023, it gives organisations a structured, auditable way to govern AI — and a certificate to prove it. Here is what the standard contains, how certification works, how it relates to the EU AI Act, and whether your organisation should pursue it.