NIST AI RMF 1.0: Implementing GOVERN, MAP, MEASURE, MANAGE for Regulated Industry AI
NIST AI RMF 1.0: Framework Overview and the Four Core Functions
The National Institute of Standards and Technology published AI Risk Management Framework 1.0 (NIST AI 100-1) on January 26, 2023, following an extensive multi-stakeholder development process that began in 2021. The framework was developed in response to direction from Congress in the National AI Initiative Act of 2020, which tasked NIST with developing voluntary standards, guidelines, and best practices for AI risk management.
The AI RMF is not a regulation, a certification standard, or a compliance checklist. It is a structured framework that helps organizations identify, assess, and manage AI risks throughout the AI system lifecycle — from design through decommission. The framework is intentionally technology-neutral, sector-agnostic, and use-case-flexible, making it applicable to AI systems ranging from a hospital's clinical decision-support tool to a law firm's contract analysis platform to a hotel chain's guest experience AI.
At its core, the NIST AI RMF organizes AI risk management activities into four functions: GOVERN, MAP, MEASURE, and MANAGE. These functions are not sequential steps — they are concurrent, interdependent activities that together form a comprehensive AI risk management system. The framework explicitly acknowledges that risk management is a continuous process, not a one-time compliance exercise.
The Four Core Functions
The AI RMF Core is the heart of the framework. It describes AI risk management outcomes and activities organized into four functions. Each function contains categories and subcategories that describe specific outcomes organizations should achieve. The functions are represented as a continuous cycle — GOVERN provides the foundation that enables MAP, MEASURE, and MANAGE to operate effectively.
GOVERN
Establishes AI risk culture, policies, accountability structures, and workforce practices. The enabling function that makes the others possible.
MAP
Categorizes AI context, identifies affected stakeholders, maps risks specific to the AI system's purpose, capabilities, and deployment environment.
MEASURE
Analyzes, assesses, benchmarks, and tracks AI risks using quantitative and qualitative tools. Includes TEVV activities: Testing, Evaluation, Validation, Verification.
MANAGE
Prioritizes and responds to identified AI risks. Develops risk treatment plans, implements responses, monitors residual risk, and communicates risk status.
The Six Characteristics of Trustworthy AI
Underlying the entire AI RMF is NIST's definition of trustworthy AI. The framework identifies six characteristics that trustworthy AI systems should exhibit. These characteristics are not independent — they interact with and sometimes create tension with each other, requiring deliberate design trade-offs:
- Characteristic 1, Accountable and Transparent: AI actors can be held responsible for AI system behavior and outcomes. Stakeholders have access to information about AI system capabilities, limitations, and decisions appropriate to their role and need.
- Characteristic 2, Explainable and Interpretable: AI system behavior and outputs can be understood and communicated to relevant stakeholders. Interpretability means understanding how inputs map to outputs; explainability means communicating that understanding in human-comprehensible form.
- Characteristic 3, Privacy-Enhanced: AI systems protect personal and sensitive information in accordance with applicable law and organizational policies throughout the AI lifecycle, including training data, operational data, and outputs that could reveal personal information.
- Characteristic 4, Reliable and Resilient: AI systems perform consistently with stated objectives across a range of conditions, including adversarial conditions. Resilient systems maintain performance when encountering unexpected inputs, distribution shifts, or attempted manipulation.
- Characteristic 5, Safe: AI systems do not cause harm to people, organizations, or ecosystems. Safety requires both avoiding harmful outputs and ensuring AI systems operate within appropriate boundaries when deployed in contexts where errors have physical, financial, or legal consequences.
- Characteristic 6, Fair with Bias Managed: AI systems do not create unjustified discriminatory outcomes across demographic groups. Bias management is an ongoing process — not a one-time test — because AI systems can drift, training data can be unrepresentative, and fairness criteria can conflict.
GOVERN Function: Establishing AI Risk Culture and Accountability
The GOVERN function is the organizational foundation of the NIST AI RMF. While MAP, MEASURE, and MANAGE describe what organizations do to assess and respond to AI risks, GOVERN describes who is responsible, what policies govern their work, and what organizational culture makes risk management effective. Without GOVERN, the other three functions become ad hoc technical exercises rather than embedded organizational capabilities.
NIST structures GOVERN around six categories: organizational context, risk management strategy, AI workforce training and competencies, organizational teams and responsibilities, policies and procedures, and third-party risk. Each category contains specific subcategories and, in the Playbook, 800+ suggested actions that organizations can implement based on their size, resources, and risk profile.
Governance Policies and Procedures
The GOVERN function requires organizations to establish written policies that address AI risk management. For regulated industries, these policies must integrate with existing regulatory frameworks. Healthcare organizations must align AI governance policies with HIPAA Security Rule's administrative safeguards (45 CFR § 164.308). Financial institutions must integrate AI governance with model risk management policies required by OCC/FDIC guidance. Law firms must address AI supervision under Rules of Professional Conduct (particularly Rule 5.3 governing non-lawyer supervision).
Key policy elements required by GOVERN include: a documented AI strategy articulating acceptable risk levels; defined roles and responsibilities for AI risk management (including designation of an AI risk owner); procedures for AI lifecycle management from procurement through decommission; processes for AI incident identification, escalation, and response; and mechanisms for tracking AI systems in use across the organization.
Accountability Structures
One of the most operationally important GOVERN requirements is establishing clear accountability for AI risks. The AI RMF uses the term "AI Actor" to describe any person or organization involved in AI development, deployment, or use. Organizations must define which AI Actors are responsible for which risk management activities at each stage of the AI lifecycle.
For organizations deploying AI from third-party providers — which describes the majority of healthcare, legal, and hospitality organizations — GOVERN requires explicit accountability for third-party AI risk. This includes: assessing the AI vendor's risk management practices before procurement, establishing contractual requirements for AI risk documentation and incident reporting, and maintaining internal accountability for AI systems even when the underlying model is vendor-provided.
AI Workforce Competencies
GOVERN recognizes that AI risk management cannot be delegated entirely to technical teams. Effective governance requires AI literacy across the organization — clinical leaders who can assess AI diagnostic tool limitations, attorneys who understand AI contract analysis constraints, financial advisors who can interpret AI-generated investment recommendations with appropriate skepticism. The GOVERN function requires organizations to assess current AI competencies, identify gaps, and implement training programs that build AI literacy at all relevant levels.
MAP Function: AI Risk Categorization Methodology
The MAP function translates organizational context and AI system characteristics into a structured understanding of AI risks. Before an organization can measure or manage AI risks, it must understand what AI systems it operates, in what contexts they are deployed, who is affected by their outputs, and what categories of harm are plausible. MAP establishes this foundational understanding.
NIST structures MAP around five categories: categorize context, categorize risk, identify AI impact, categorize AI risks, and prioritize risk. Together these categories move from broad contextual awareness — what does this AI system do and who does it affect — to specific risk identification — what could go wrong and how seriously.
AI System Categorization
The MAP function begins with documenting the AI system's intended purpose, capabilities, and operating environment. This is not merely a technical description — it includes the organizational context (is this AI advisory or decision-making?), the affected population (who receives outputs?), the deployment environment (what human oversight exists?), and the consequences of failure (what happens when the AI is wrong?).
For healthcare AI, MAP requires categorizing whether the AI provides decision support to a clinician (lower risk) or makes autonomous determinations without clinician review (higher risk). For legal AI, MAP requires categorizing whether the AI assists attorney analysis (lower risk) or generates client-facing legal guidance without attorney review (higher risk). The AI lifecycle stage also matters: MAP activities at design are different from MAP activities at deployment or post-incident review.
Stakeholder Risk Identification
One of MAP's distinctive contributions is its stakeholder-centered approach to risk identification. The AI RMF requires organizations to identify all stakeholders affected by the AI system — not just the organization deploying it. For a hospital patient scheduling AI, affected stakeholders include patients, clinical staff, administrative staff, insurance companies, and the hospital itself. For a law firm contract review AI, affected stakeholders include clients, opposing parties, courts, and the attorneys whose professional liability depends on the AI's accuracy.
Risk Prioritization Methodology
The AI RMF defines risk as the combination of the likelihood and impact of harm from AI trustworthiness failures. MAP provides a structured approach for prioritizing risks based on this definition. Organizations assess each identified risk on two dimensions: how likely is it that the AI system will exhibit this failure mode, and how serious would the consequences be if it did? High-likelihood, high-impact risks require immediate attention; low-likelihood, low-impact risks may be accepted with monitoring.
NIST acknowledges that many AI risk assessments involve deep uncertainty — it may be difficult to estimate the probability of a novel AI failure mode, and the full consequences of AI-enabled harm may not be apparent at the time of deployment. MAP requires organizations to document these uncertainties explicitly rather than treating uncertain risks as zero-probability events.
MEASURE Function: Quantitative and Qualitative Risk Assessment
The MEASURE function implements the risk assessments identified in MAP using quantitative and qualitative tools. If MAP asks "what are the risks?", MEASURE asks "how bad is each risk, how do we know, and how confident are we?" The MEASURE function is where AI risk management becomes empirical — where claims about AI system performance are tested rather than assumed.
NIST structures MEASURE around four categories: AI risks are measurable (establishing measurement approaches), AI risks are enumerated (applying measurement tools), AI risks are tracked (monitoring over time), and risks are shared and communicated (reporting measurement results). The TEVV activities — Testing, Evaluation, Validation, and Verification — are the primary mechanisms through which MEASURE objectives are achieved.
TEVV: Testing, Evaluation, Validation, and Verification
TEVV is the NIST AI RMF's structured approach to empirically assessing AI system performance and risk. Each component serves a distinct purpose:
- Testing measures AI system performance against defined benchmarks using controlled test data. This includes accuracy testing, bias testing across demographic groups, adversarial robustness testing, and performance testing at distribution edges.
- Evaluation assesses whether the AI system meets its intended purpose in realistic conditions. Evaluation goes beyond test-set metrics to examine whether the AI behaves appropriately in the messiness of real deployment contexts.
- Validation confirms that the AI system was built correctly relative to stakeholder requirements. Validation asks: does this system do what we intended it to do, and does what we intended adequately address stakeholder needs?
- Verification confirms that the AI system was built according to its design specifications. Verification is technical: does the implemented system conform to its documented design and performance requirements?
Quantitative Measurement Tools
For AI systems where performance can be quantified, MEASURE recommends establishing specific, measurable benchmarks. For classification systems (diagnostic AI, fraud detection), this includes precision, recall, F1 score, and area under the ROC curve. For systems operating in fairness-sensitive contexts, this includes demographic parity, equalized odds, and calibration metrics across protected-class groups. For language model outputs (generative AI), this includes BLEU/ROUGE scores for factual accuracy tasks and human evaluation frameworks for open-ended outputs.
Qualitative Risk Assessment Approaches
Many AI risks cannot be fully quantified. The potential consequences of a novel AI failure mode, the risk to marginalized communities from biased AI outputs, or the long-term societal effects of AI-assisted decision-making at scale require qualitative assessment approaches. NIST AI RMF MEASURE explicitly includes qualitative methods: expert elicitation, structured scenario analysis, red-team exercises, and stakeholder impact interviews.
The NIST AI Incident Database (AIID), which NIST maintains, provides a structured repository of documented AI incidents that organizations can use to inform qualitative risk assessments. Rather than inventing failure scenarios from scratch, organizations can reference documented incidents in analogous AI systems to ground their risk assessments in empirical experience.
NIST AI 600-1: Measuring Generative AI Risks
Published in July 2024, NIST AI 600-1 (AI RMF Profile for Generative AI) extends the MEASURE function to the specific risk characteristics of generative AI systems. The profile identifies 12 generative AI-specific risks that require dedicated measurement approaches:
| NIST AI 600-1 Risk Category | Description | Measurement Approach |
|---|---|---|
| Hallucination | AI generates plausible-sounding but factually incorrect outputs | Factual accuracy benchmarking against authoritative sources; human evaluation |
| Data Privacy | Training data or outputs expose personal information | Membership inference testing; PII detection in outputs; data lineage audit |
| Information Security | AI systems exploited through prompt injection, adversarial inputs | Red-team adversarial testing; input sanitization effectiveness metrics |
| Bias and Discrimination | Systematic unfairness in AI-generated outputs across demographic groups | Demographic parity testing; differential outcome analysis by group |
| Intellectual Property | AI outputs that reproduce copyrighted training data | Memorization testing; copyright similarity detection in outputs |
| Obscene or Harmful Content | AI generates inappropriate, harmful, or dangerous content | Content safety classifier testing; adversarial jailbreak resistance metrics |
MANAGE Function: Risk Treatment, Monitoring, and Response
The MANAGE function takes the risks identified by MAP and measured by MEASURE and applies structured risk treatment. Risk management in the AI RMF context means deciding how to respond to each identified risk: whether to avoid it (change the AI system or don't deploy it), mitigate it (implement controls that reduce likelihood or impact), transfer it (shift risk through insurance, contracts, or indemnification), or accept it (acknowledge the risk and document the rationale for accepting it).
Risk Treatment Plans
For each significant AI risk identified in MAP and assessed in MEASURE, MANAGE requires developing a formal risk treatment plan. The treatment plan documents: the risk being addressed, the selected treatment approach, the specific controls or actions to be implemented, the responsible party, the timeline for implementation, and the residual risk expected after treatment. Treatment plans are living documents — they require updating as AI systems evolve, as new incidents occur, and as the deployment environment changes.
For organizations deploying AI in regulated industries, risk treatment plans must account for regulatory requirements. A healthcare organization's AI risk treatment plan for a clinical decision support tool must address HIPAA Security Rule requirements. A financial institution's treatment plan for a credit scoring AI must address OCC/FDIC model risk management requirements. The NIST AI RMF does not replace these sector-specific requirements — it provides the organizational methodology for addressing them systematically.
AI Incident Response
The MANAGE function requires organizations to establish AI incident response procedures before incidents occur. An AI incident is any event in which an AI system behaves in a way that causes or could cause harm. This includes both technical incidents (system outage, model failure, adversarial attack) and behavioral incidents (biased output, privacy violation, safety-critical error).
NIST's AI Incident Database (AIID) documents hundreds of real-world AI incidents across industries, providing a reference library that organizations can use to inform their incident scenarios and response procedures. Key elements of AI incident response include: incident detection and escalation procedures, immediate containment actions (including system suspension if necessary), root cause analysis methodology, notification procedures for affected parties and regulators, and post-incident review to update risk assessments and controls.
Residual Risk Monitoring
Risk treatment does not eliminate risk — it reduces it to a residual level that is deemed acceptable. MANAGE requires organizations to continuously monitor residual risk levels and update treatment plans when monitoring indicates that residual risk has increased above acceptable thresholds. This is particularly important for AI systems because model performance can degrade over time due to data drift, distribution shift, or changes in the deployment environment.
Monitoring approaches in the MANAGE function complement the TEVV activities in MEASURE. Where MEASURE conducts periodic formal assessments, MANAGE monitoring is continuous — automated alerts when accuracy metrics fall below thresholds, ongoing bias monitoring for demographic disparities, and real-time security monitoring for adversarial inputs or unusual usage patterns.
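The quantitative MEASURE metrics listed earlier (precision, recall, F1, demographic parity, equalized odds) and the continuous MANAGE monitoring described here can be driven by the same code. The following is an added example, not code from the page or from any vendor product: it scores a constructed batch of post-deployment decisions with ground truth and a protected-group label, and returns an alert for every metric outside an assumed threshold.

```python
"""Continuous monitoring over MEASURE metrics (added example, not from the page).

Computes accuracy/precision/recall/F1, demographic-parity and equalized-odds gaps
across groups, and returns one alert per metric that crosses its threshold.
The sample batch and the thresholds are constructed assumptions.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple

class Record(NamedTuple):
    predicted: int   # model output, 1 = positive decision (e.g. flagged, approved)
    actual: int      # ground truth established after the fact
    group: str       # protected-class label, used only for disparity monitoring

# Constructed sample batch: group "A" is selected more often and has a higher TPR than "B".
SAMPLE_BATCH: List[Record] = [Record(p, a, g) for p, a, g in [
    (1, 1, "A"), (1, 1, "A"), (1, 1, "A"), (1, 1, "A"), (0, 0, "A"),
    (0, 0, "A"), (0, 0, "A"), (1, 0, "A"), (0, 1, "A"), (1, 1, "A"),
    (0, 1, "B"), (0, 1, "B"), (0, 1, "B"), (1, 1, "B"), (0, 0, "B"),
    (0, 0, "B"), (0, 0, "B"), (0, 0, "B"), (1, 1, "B"), (0, 0, "B"),
]]

# Assumed alert thresholds; an organization sets these from its TEVV benchmarks.
THRESHOLDS = {
    "accuracy": ("min", 0.80),
    "demographic_parity_diff": ("max", 0.10),
    "equalized_odds_tpr_gap": ("max", 0.10),
    "equalized_odds_fpr_gap": ("max", 0.10),
}

def _div(n: float, d: float) -> float:
    return n / d if d else 0.0   # empty group or no positives: report 0, do not crash

def confusion(records) -> Dict[str, int]:
    c = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for r in records:
        key = ("tp" if r.actual else "fp") if r.predicted else ("fn" if r.actual else "tn")
        c[key] += 1
    return c

def classification_metrics(records) -> Dict[str, float]:
    c = confusion(records)
    total = sum(c.values())
    precision = _div(c["tp"], c["tp"] + c["fp"])
    recall = _div(c["tp"], c["tp"] + c["fn"])
    return {
        "accuracy": _div(c["tp"] + c["tn"], total),
        "precision": precision,
        "recall": recall,
        "f1": _div(2 * precision * recall, precision + recall),
    }

def group_rates(records) -> Dict[str, Dict[str, float]]:
    """Selection rate (demographic parity) plus TPR and FPR (equalized odds) per group."""
    by_group = defaultdict(list)
    for r in records:
        by_group[r.group].append(r)
    rates = {}
    for g, recs in by_group.items():
        c = confusion(recs)
        rates[g] = {
            "selection_rate": _div(c["tp"] + c["fp"], len(recs)),
            "tpr": _div(c["tp"], c["tp"] + c["fn"]),
            "fpr": _div(c["fp"], c["fp"] + c["tn"]),
        }
    return rates

def fairness_gaps(records) -> Dict[str, float]:
    rates = group_rates(records)
    def gap(key: str) -> float:
        vals = [v[key] for v in rates.values()]
        return max(vals) - min(vals) if vals else 0.0
    return {
        "demographic_parity_diff": gap("selection_rate"),
        "equalized_odds_tpr_gap": gap("tpr"),
        "equalized_odds_fpr_gap": gap("fpr"),
    }

def evaluate_batch(records, thresholds=THRESHOLDS) -> List[dict]:
    """Return one alert per metric outside its threshold; an empty list means healthy."""
    metrics = {**classification_metrics(records), **fairness_gaps(records)}
    alerts = []
    for name, (kind, limit) in thresholds.items():
        value = metrics[name]
        breached = value < limit if kind == "min" else value > limit
        if breached:
            alerts.append({"metric": name, "value": round(value, 4), "threshold": limit, "kind": kind})
    return alerts
```

Run `evaluate_batch(SAMPLE_BATCH)` to see the four alerts the constructed batch triggers; the per-group rates from `group_rates` tell the reviewer which group is driving each gap.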
Industry Application: NIST AI RMF Across Regulated Sectors
While the NIST AI RMF is sector-agnostic by design, its application in specific regulated industries requires mapping AI RMF activities to sector-specific regulatory requirements. For healthcare, legal, financial services, and hospitality organizations, the following table illustrates how the four AI RMF functions connect to existing regulatory obligations:
| Industry | GOVERN Regulatory Anchor | MAP/MEASURE Key Risk | MANAGE Treatment Priority |
|---|---|---|---|
| Healthcare | HIPAA Security Rule (45 CFR § 164.308 administrative safeguards); FDA AI/ML SaMD guidance | Clinical decision support accuracy; patient safety; PHI exposure in AI inputs/outputs | Human clinical oversight for all AI-influenced treatment decisions; PHI data minimization in AI systems |
| Legal Services | ABA Model Rules 1.1 (competence), 1.6 (confidentiality), 5.3 (supervision of non-lawyers); state bar ethics opinions | AI hallucination in legal research; client confidentiality in AI prompts; unauthorized practice risk from AI outputs | Attorney review requirement for all AI-generated legal analysis; confidentiality controls on AI vendor data processing |
| Financial Services | OCC/FDIC SR 11-7 model risk management guidance; CFPB adverse action notice requirements; SEC AI oversight expectations | Credit model bias and disparate impact; model drift in changing economic conditions; explainability for adverse action notices | Challenger model validation; disparate impact testing quarterly; explainable AI for consumer-facing credit decisions |
| Hospitality | PCI DSS v4.0 (payment data); state privacy laws (CCPA/CPRA for CA properties); GDPR for EU guests | Guest PII exposure in AI systems; payment card data in AI-accessible reservation systems; AI-enabled pricing bias | Data minimization for AI guest interaction data; annual AI security assessment aligned with PCI DSS; cross-border data transfer controls for EU guest data |
Healthcare: AI RMF and HIPAA Security Rule Alignment
The NIST AI RMF was designed to be compatible with existing NIST cybersecurity frameworks, including NIST SP 800-53 (security and privacy controls for federal information systems), which the HIPAA Security Rule incorporates by reference for technical safeguard implementation. This means healthcare organizations that have already implemented HIPAA Security Rule compliance using NIST SP 800-53 guidance have a significant head start on NIST AI RMF implementation.
NIST published specific Healthcare AI RMF implementation guidance that maps the four core functions to HIPAA Security Rule requirements. The GOVERN function maps to HIPAA's administrative safeguards requirements; MAP maps to HIPAA's required risk analysis; MEASURE maps to HIPAA's required evaluation standard; and MANAGE maps to HIPAA's sanction policies and incident response procedures.
Financial Services: SR 11-7 and AI RMF Integration
The Federal Reserve's SR 11-7 guidance on model risk management, issued in 2011, predates modern AI but established model validation and oversight requirements that apply broadly to AI systems used in financial decision-making. The OCC, FDIC, and Federal Reserve have all issued subsequent guidance indicating that SR 11-7 principles apply to AI/ML models, and are increasingly referencing the NIST AI RMF as the appropriate implementation framework.
The key SR 11-7 requirements — model development, validation, governance, and ongoing monitoring — map directly to the AI RMF's GOVERN, MAP, MEASURE, and MANAGE functions. Financial institutions implementing AI RMF as their AI governance methodology can document SR 11-7 compliance through their AI RMF implementation artifacts.
"The NIST AI Risk Management Framework is intended to be voluntary, adaptable, and applicable across AI technologies and contexts. It is designed to reduce AI risks to individuals, organizations, and society while also supporting responsible AI innovation."
— NIST AI 100-1, NIST AI Risk Management Framework, January 26, 2023
AI Risk Categorization Scoring: Implementation Example
The following code example illustrates one approach to implementing the NIST AI RMF's risk scoring methodology programmatically. This pattern supports the MAP function's risk prioritization category and can be integrated into an AI governance platform to automate risk tier assignment for AI systems based on documented risk factors.
This scoring model is illustrative, not prescriptive. The NIST AI RMF does not specify a mandatory scoring methodology — the Playbook's 800+ suggested actions provide flexibility for organizations to develop scoring approaches appropriate to their context, risk tolerance, and available resources. The scoring above implements the framework's conceptual risk equation (likelihood × impact) with AI-specific factors.
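As an added illustration of the likelihood × impact scoring with AI-specific factors described above (this is example code written for this page, not the page's own listing or any product's implementation), the following assigns HIGH/MEDIUM/LOW tiers to documented risks and carries MAP's uncertainty rule through to the tier. The 1..5 scales, the autonomy and population modifiers, and the tier cut-offs are assumptions; NIST AI 100-1 prescribes none of them.

```python
"""Illustrative MAP risk-prioritization scoring (added example, not the page's own code).

Assumptions, none prescribed by NIST AI 100-1: likelihood and impact on a 1..5
scale, multiplicative modifiers for autonomy level and affected population, tier
cut-offs on the resulting score, and a rule that an estimate made under deep
uncertainty is never tiered LOW (the uncertainty is documented, not zeroed out).
"""
from dataclasses import dataclass, field
from typing import List

# Constructed modifier tables; an organization tunes these to its own risk tolerance.
AUTONOMY_MODIFIER = {
    "advisory": 1.0,     # a clinician or attorney reviews every output
    "assisted": 1.25,    # humans review exceptions or a sample only
    "autonomous": 1.5,   # output takes effect without human review
}
POPULATION_MODIFIER = {
    "internal_staff": 1.0,
    "customers": 1.2,
    "patients_or_clients": 1.4,   # vulnerable or legally protected stakeholders
}
TIER_CUTOFFS = [("HIGH", 15.0), ("MEDIUM", 6.0)]   # anything below 6.0 is LOW

@dataclass
class AIRisk:
    system: str
    failure_mode: str
    likelihood: int             # 1 (rare) .. 5 (expected), from the MAP assessment
    impact: int                 # 1 (negligible) .. 5 (severe harm)
    autonomy: str               # key of AUTONOMY_MODIFIER
    population: str             # key of POPULATION_MODIFIER
    uncertain: bool = False     # estimate made under deep uncertainty
    uncertainty_note: str = ""  # rationale MAP asks to be recorded

@dataclass
class ScoredRisk:
    risk: AIRisk
    score: float
    tier: str
    notes: List[str] = field(default_factory=list)

def assign_tier(score: float, uncertain: bool) -> str:
    tier = "LOW"
    for name, cutoff in TIER_CUTOFFS:
        if score >= cutoff:
            tier = name
            break
    if uncertain and tier == "LOW":
        tier = "MEDIUM"   # floor: an uncertain risk is never accepted silently
    return tier

def score_risk(r: AIRisk) -> ScoredRisk:
    if not (1 <= r.likelihood <= 5 and 1 <= r.impact <= 5):
        raise ValueError("likelihood and impact must be on the 1..5 scale")
    base = r.likelihood * r.impact   # the framework's conceptual likelihood x impact
    score = base * AUTONOMY_MODIFIER[r.autonomy] * POPULATION_MODIFIER[r.population]
    notes = []
    if r.uncertain:
        notes.append("uncertain estimate: " + (r.uncertainty_note or "no rationale recorded"))
    return ScoredRisk(r, round(score, 2), assign_tier(score, r.uncertain), notes)

def prioritize(risks: List[AIRisk]) -> List[ScoredRisk]:
    """Highest score first, so the MANAGE treatment-plan queue starts at the top."""
    return sorted((score_risk(r) for r in risks), key=lambda s: s.score, reverse=True)

def treatment_required(s: ScoredRisk) -> bool:
    """HIGH and MEDIUM risks get a formal treatment plan; LOW may be accepted with monitoring."""
    return s.tier in ("HIGH", "MEDIUM")

# Constructed sample risks for a hospital and a law firm (hypothetical system names).
SAMPLE_RISKS = [
    AIRisk("clinical-dss", "hallucinated dosage in discharge summary", 2, 5, "assisted", "patients_or_clients"),
    AIRisk("scheduling-bot", "double-booked procedure room", 3, 1, "advisory", "internal_staff"),
    AIRisk("contract-review", "missed indemnity clause", 1, 3, "advisory", "customers",
           uncertain=True, uncertainty_note="no incident history for this clause type"),
]

if __name__ == "__main__":
    for s in prioritize(SAMPLE_RISKS):
        print(f"{s.tier:6} {s.score:5} {s.risk.system}: {s.risk.failure_mode} {s.notes}")
```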
12-Item NIST AI RMF Implementation Checklist
Use this checklist to assess your organization's current NIST AI RMF implementation maturity. Each item maps to a specific function or category in NIST AI 100-1. For organizations subject to Executive Order 14110 or seeking ISO/IEC 42001 certification, this checklist also documents alignment with those requirements.
- GOVERN-1: Establish a Formal AI Risk Policy. Document a written AI risk management policy approved by senior leadership. The policy must define acceptable AI risk levels, designate an AI risk owner or committee, and require risk assessment before deploying any AI system in a regulated context. Align with EO 14110 requirements for federal contractors.
- GOVERN-2: Maintain a Complete AI System Inventory. Create and maintain an inventory of all AI systems in use across the organization, including third-party AI embedded in vendor software. The inventory should document each system's purpose, deployment context, autonomy level, and data inputs. Update quarterly or when new AI systems are deployed.
- GOVERN-3: Establish Third-Party AI Vendor Assessment Procedures. Before procuring any AI system, assess the vendor's AI risk management practices against the NIST AI RMF. Require vendors to provide documentation of their GOVERN, MAP, MEASURE, and MANAGE activities. Confirm contractual rights to audit and incident notification. ISO 42001 Annex A.6 alignment.
- GOVERN-4: Implement AI-Specific Workforce Training. Deploy AI literacy training for all staff who interact with, rely on, or oversee AI systems. Training must cover AI system limitations, failure modes relevant to their role, human oversight responsibilities, and incident escalation procedures. Document training completion records.
- MAP-1: Conduct AI System Context Documentation for Each System. For each AI system in the inventory, complete a formal context documentation covering: intended purpose, affected populations, deployment environment, autonomy level, and regulatory classification. This documentation is the input to MEASURE and the evidence base for MANAGE decisions.
- MAP-2: Perform Stakeholder Impact Analysis. Identify all stakeholders affected by each AI system's outputs — including third parties who interact with AI-influenced decisions but have no deployment role. Document potential harms to each stakeholder group. For healthcare AI, include patients; for legal AI, include clients and opposing parties.
- MEASURE-1: Conduct TEVV Testing Against Documented Benchmarks. Perform Testing, Evaluation, Validation, and Verification for each AI system before deployment and annually thereafter. Document test results, accuracy benchmarks, bias metrics across demographic groups, and adversarial robustness findings. Retain TEVV documentation for regulatory review.
- MEASURE-2: Implement Continuous Performance Monitoring. Deploy automated monitoring for AI system performance metrics defined in TEVV. Set alert thresholds for accuracy degradation, demographic performance disparities, and anomalous input patterns. Review monitoring dashboards monthly; investigate alerts within 48 hours.
- MEASURE-3: Assess Generative AI Risks Per NIST AI 600-1. For any generative AI system (large language models, conversational AI, content generation tools), apply the 12-risk assessment framework from NIST AI 600-1. Document hallucination rates, privacy exposure assessments, information security testing results, and bias evaluations.
- MANAGE-1: Develop Risk Treatment Plans for All High and Medium Risks. For each risk classified as HIGH or MEDIUM in the MAP risk scoring, develop a formal risk treatment plan with designated owners, implementation timelines, and residual risk assessments. Review and update treatment plans quarterly for HIGH-tier AI systems.
- MANAGE-2: Establish AI Incident Response Procedures. Document AI-specific incident response procedures covering: incident detection criteria, escalation path, immediate containment actions, root cause analysis methodology, affected party notification, and post-incident review process. Conduct a tabletop exercise at least annually.
- MANAGE-3: Implement AI Decommission and Lifecycle Governance. Establish procedures for retiring AI systems, including data deletion, access revocation, documentation archiving, and risk register updates. Ensure AI system decommission does not create data retention gaps for regulatory compliance purposes. Document final TEVV results before retirement.
How Claire Maps to NIST AI RMF
Claire was designed with the NIST AI RMF in mind — not as a post-hoc compliance layer, but as an architectural commitment. The four core functions inform how Claire is built, how it is deployed, and how organizations using Claire can satisfy their own NIST AI RMF implementation obligations for the AI Actor category of "AI Deployer."
Claire's NIST AI RMF Implementation Architecture
For organizations subject to Executive Order 14110 or seeking to demonstrate NIST AI RMF compliance to federal agency customers, Claire provides documentation artifacts that support the AI RMF compliance narrative. Contact The Algorithm LLC for documentation specific to federal contracting contexts or FedRAMP AI requirements.