NIST AI RMF

The NIST AI Risk Management Framework provides a structured approach to managing AI risks. Four core functions:

GOVERN

Establish AI governance structures, policies, and accountability.

Define roles and responsibilities for AI risk management
Establish AI acceptable use policies
Create oversight committees and review processes
Document risk tolerance and decision-making authority

MAP

Identify and document AI risks in context.

Catalog all AI systems in the organization
Assess each system's risk profile
Map dependencies and third-party AI components
Identify relevant regulatory requirements

MEASURE

Assess and monitor AI risks.

Define metrics for AI system performance and safety
Implement monitoring for model drift, bias, and anomalies
Conduct regular red team assessments
Track incident metrics and near-misses

MANAGE

Mitigate and respond to AI risks.

Implement controls based on risk assessments
Define incident response procedures for AI failures
Establish model rollback and fallback procedures
Conduct regular reviews and update risk assessments