RedOps Cyber Intelligence — Regulated Mid-Market AI Security
AI Governance (Voluntary)

NIST AI Risk Management Framework

The most widely adopted voluntary framework for managing AI risk — and a defensible backbone for AI governance in regulated industries.

Author: U.S. National Institute of Standards and Technology (NIST)
Released: AI Risk Management Framework 1.0, January 2023
Status: Voluntary — a framework, not a regulation
Core functions: Govern, Map, Measure, Manage
Companion: A Generative AI profile extends it to GenAI-specific risk
Best for: Firms operationalizing AI governance and demonstrating diligence

01 What it is

The NIST AI Risk Management Framework is a voluntary framework for identifying and managing the risks of AI systems across their lifecycle. It is not a law — but it has become a common reference point. When a regulator, a board, or an enterprise customer asks how you govern AI, alignment to the AI RMF is a credible, recognized answer.

02 The four functions

The framework organizes work into four functions. Govern establishes the culture, policies, and accountability for AI risk. Map establishes context and identifies risks for each AI use case. Measure assesses and tracks those risks with appropriate methods. Manage prioritizes and acts on them. Together, they turn “we use AI responsibly” into something you can actually demonstrate.

03 Generative AI

NIST has published a companion profile addressing the distinct risks of generative AI — including confabulation, data leakage, and AI-assisted social engineering. For firms shipping GenAI features, that profile is where governance meets the threats we see in practice rather than in theory.

04 How it connects

The AI RMF pairs naturally with ISO 42001 — a certifiable AI management system — and with regulatory obligations like NYDFS Part 500, giving you a single structure that satisfies multiple audiences at once.

05 What RedOps delivers

RedOps turns the framework into a working operating model — not a document that sits unread.

AI governance scope
  • An AI use-case inventory across the business
  • Risk mapping for each use case in the framework’s structure
  • A Govern / Map / Measure / Manage operating model with named owners
  • An AI policy stack — acceptable use, model risk, human oversight, logging
  • A measurement and monitoring approach for prioritized risks
  • A board-ready AI governance memo

Make “we govern AI responsibly” provable.

If your board or a major customer is asking how you manage AI risk, book a 30-minute consultation and we’ll stand up a defensible governance backbone fast.