NIST released its AI Risk Management Framework in January 2023, and in the two years since, it's become the de facto standard for organizations trying to put structure around AI deployment. Not because of a mandate—there isn't one—but because it's the only comprehensive, non-vendor framework that addresses the full lifecycle of AI risk. If you're a CISO or compliance leader at a regulated organization, you're going to encounter the NIST AI RMF eventually. Either your board will ask about it, your auditors will reference it, or your legal team will cite it when they're nervous about a new AI tool.
The framework is voluntary, but that's a technicality. In healthcare, defense contracting, and financial services, the pattern I see is clear: voluntary NIST frameworks become the operational standard long before they become requirements. HIPAA Security Rule references NIST SP 800-66. CMMC builds on NIST SP 800-171. The AI RMF is following the same trajectory, and organizations that wait for a mandate will find themselves behind.
This article walks through the NIST AI RMF with a focus on practical application. Not theory, not aspiration—how you actually use this framework in an organization that's deploying AI tools, building AI-enabled products, or integrating third-party AI services into regulated workflows.
Why the NIST AI RMF Matters Now
Most AI governance guidance falls into one of two categories: academic papers that don't account for operational constraints, or vendor whitepapers that sell you on a specific product architecture. The NIST AI RMF is neither. It's a risk-based framework that acknowledges uncertainty, emphasizes context, and gives you a structure without prescribing tools.
The framework is organized around four functions: Govern, Map, Measure, Manage. These functions are continuous and interdependent. You don't "complete" one and move to the next—you iterate through them as your AI systems evolve, as risks emerge, and as your organizational context changes.
What makes this framework particularly relevant for regulated industries is its alignment with existing compliance structures. If you've built a risk management program around NIST Cybersecurity Framework, ISO 27001, or HIPAA's risk analysis requirements, the AI RMF will feel familiar. It's not a radical departure—it's an extension of risk management principles into a domain where the risks are less understood and the failure modes are different.
The second reason it matters: enforcement and regulatory guidance are catching up. The European Union's AI Act references similar risk categorization. The White House Executive Order on AI cites the framework. State-level AI bills are starting to incorporate its language. If you're building an AI governance program today and you ignore the NIST AI RMF, you're going to rebuild it in 18 months when your regulator or customer asks for alignment.
The Govern Function: Building the Foundation
The Govern function is where most organizations stumble, because it requires decisions that executives don't want to make yet. Govern establishes the organizational structure, roles, policies, and oversight mechanisms for AI risk management. It answers: who decides what's acceptable risk? Who has authority to stop a deployment? What's our risk tolerance for different AI use cases?
In practical terms, this means you need an AI governance committee or working group with actual authority. Not a task force that writes a policy document and disbands. A standing body that reviews AI deployments, escalates high-risk use cases, and makes go/no-go decisions when the risk isn't clear.
Here's what I've seen work: a cross-functional group that includes the CISO, legal counsel, a senior product or engineering leader, and someone from compliance or risk management. The group meets monthly at minimum, with an expedited review process for urgent AI tool requests. They maintain a registry of AI systems in use across the organization, categorized by risk level.
Risk Categorization
The framework doesn't mandate specific risk categories, but it emphasizes context. A customer service chatbot and a clinical decision support tool are both "AI," but the risk profiles are completely different. Your governance structure needs to account for this.
I use a three-tier model: low-risk (limited impact, human oversight, non-sensitive data), moderate-risk (business-critical functions, sensitive data, limited human oversight), and high-risk (safety-critical, legally regulated, potential for discrimination or harm). Each tier has different review requirements, documentation standards, and approval authorities.
High-risk AI systems—anything that makes decisions about people's health, safety, legal rights, or employment—require board-level awareness and formal risk acceptance. Moderate-risk systems need CISO and legal sign-off. Low-risk systems can be approved at the department level, but they still go in the registry.
Policy and Accountability
The Govern function also requires you to document your AI policies. Not a generic "AI Ethics Principles" statement—operational policies that tell employees what they can and can't do. Can a developer integrate OpenAI's API into a production system without review? Can a marketing team use an AI tool to analyze customer data? Can a clinician use an AI diagnostic aid that isn't FDA-cleared?
These policies need to be specific and enforceable. If your policy says "AI tools must be reviewed for bias," but you don't define what that review looks like or who conducts it, the policy is decorative.
Accountability is the other critical piece. For every AI system in your registry, someone needs to be the owner. Not the vendor, not the IT department—a business owner who is accountable for the outcomes that system produces. When something goes wrong, you need to know who's responsible.
The Map Function: Understanding Your AI Landscape
The Map function is where you document what your AI systems actually do, what data they use, what decisions they influence, and what risks they introduce. This is harder than it sounds, because most organizations don't have visibility into all the AI tools their employees are using.
Shadow AI is a real problem. Employees use ChatGPT, Copilot, Grammarly, Jasper, and dozens of other AI-enabled tools without telling anyone. Some of these tools are low-risk. Some of them are processing your organization's confidential data and sending it to third-party servers. You won't know until you map your AI landscape.
Start with an inventory. Ask every department: what AI tools are you using, evaluating, or planning to deploy? What data are you feeding into these tools? What decisions are being informed by AI outputs? This won't be comprehensive the first time, but it gives you a baseline.
Context and Impact
The NIST AI RMF emphasizes context throughout, and the Map function is where that becomes operational. A generative AI tool used to draft internal emails is different from the same tool used to generate patient-facing clinical summaries. The technology is identical, but the context—and therefore the risk—is completely different.
For each AI system in your inventory, document:
- The business purpose and use case
- The data inputs (type, source, sensitivity)
- The outputs and decisions the system influences
- The users and affected populations
- The potential harms if the system fails or behaves unexpectedly
This isn't a compliance checkbox—it's a risk assessment. You're identifying where things can go wrong and how bad the consequences would be. For a healthcare organization using an AI tool to prioritize patient outreach, the potential harms include missed diagnoses, biased resource allocation, and HIPAA violations. Those harms shape your risk mitigation strategy.
Third-Party AI Systems
Most organizations aren't building AI models from scratch—they're integrating third-party AI services. That's fine, but it doesn't reduce your risk. You're still accountable for the outcomes.
When you map third-party AI systems, you need to understand what the vendor can and can't tell you about how the system works. Can they explain what data the model was trained on? Can they describe how the model makes decisions? Can they provide evidence of bias testing? If you're in healthcare and the vendor is processing PHI, do they need to sign a BAA?
The answer to that last question is more nuanced than most people realize, and it's one of the most common gaps I see in healthcare AI deployments. Understanding your third-party AI risk isn't optional—it's part of the Map function.
Need Help Implementing AI Governance in Your Organization?
Carl delivers keynotes on AI risk management, regulatory compliance, and practical governance frameworks for healthcare, defense, and other regulated industries. His talks are grounded in real-world CISO experience, not vendor theory.
Book Carl to SpeakThe Measure Function: Testing and Validation
The Measure function is where you move from documentation to evidence. You've identified your AI systems and their risks—now you need to test whether those systems behave as expected, whether the risks are within tolerance, and whether your controls are effective.
This is the most technical function in the framework, and it's where many non-technical leaders get stuck. You don't need to become a data scientist, but you do need to understand what questions to ask and what answers are sufficient.
Performance Metrics
Every AI system should have defined performance metrics that align with its intended use. For a predictive model, that might be accuracy, precision, recall, or false positive rate. For a generative AI tool, it might be output quality, consistency, or adherence to guidelines.
The key is defining "good enough" before you deploy. If you're using an AI tool to flag suspicious transactions, what false positive rate is acceptable? If you're using a model to prioritize patient outreach, what's the threshold for recall? These aren't abstract questions—they're risk decisions.
In regulated industries, "measure" often means validation. If you're deploying an AI tool that influences clinical care, you need clinical validation—evidence that the tool performs as intended in your population, with your workflows. If you're using AI for employment decisions, you need testing for disparate impact. The NIST AI RMF doesn't prescribe these tests, but it creates the structure for determining what's necessary.
Bias and Fairness Testing
Bias testing is non-negotiable for any AI system that makes decisions about people. The challenge is that "bias" is context-dependent. A model that performs worse for a specific demographic group might be acceptable in one use case and completely unacceptable in another.
I don't believe in perfect fairness—I believe in documented trade-offs. If your fraud detection model has a higher false positive rate for certain customer segments, you need to know that, document why it happens, and decide whether the trade-off is justified. If it's not, you need to retrain the model, add human review, or not deploy it.
The Measure function is where you generate that evidence. You test your models on disaggregated data, you look for performance disparities, and you document what you find. If you can't do this testing—because you don't have the data, the vendor won't cooperate, or the model is too opaque—that's a risk factor in itself.
Ongoing Monitoring
Measurement isn't a one-time gate review. AI systems degrade over time. Data distributions shift, user behavior changes, and models that performed well at deployment can drift out of tolerance. The Measure function includes ongoing monitoring to detect when performance degrades, when bias increases, or when something unexpected happens.
For high-risk AI systems, this means automated monitoring with defined thresholds and alerting. For moderate-risk systems, it might mean quarterly reviews. For low-risk systems, annual spot checks might be sufficient. The cadence should be proportional to the risk.
The Manage Function: Operationalizing Risk Mitigation
The Manage function is where you implement controls to address the risks you've identified and measured. This is the most actionable part of the framework, because it's where governance becomes operational.
Managing AI risk isn't fundamentally different from managing other technology risks—it's about controls, oversight, and incident response. But the specific controls are different because the failure modes are different. An AI system can produce incorrect outputs, exhibit bias, leak sensitive data, or behave unpredictably. Your controls need to address all of these.
Human Oversight and Review
The most common control for AI risk is human oversight. You don't let the AI system make decisions autonomously—you require a human to review and approve the output. This works, but only if the human oversight is meaningful.
In my experience, human oversight degrades over time. When an AI system is 95% accurate, humans stop checking carefully because they assume the system is right. This is called automation bias, and it's a well-documented phenomenon. Your controls need to account for it.
For high-stakes decisions, consider requiring two levels of review, or rotating who reviews to prevent fatigue. For lower-stakes decisions, consider spot audits instead of full review. The goal is to maintain meaningful oversight without creating bottlenecks.
Access Controls and Data Minimization
AI systems are data-intensive, and that creates privacy and security risks. Managing these risks means applying the same principles you'd apply to any sensitive data system: least privilege access, encryption, audit logging, and data minimization.
Data minimization is particularly important for AI. If you're using a third-party AI service, don't send more data than necessary. If you're training a model, don't include data you don't need. If you're using generative AI to draft customer communications, don't paste in the customer's full account history—extract only the relevant details.
This is basic data hygiene, but it's often overlooked when teams are focused on getting an AI tool to work. The Manage function is where you enforce these practices.
Incident Response and Model Retirement
What happens when your AI system fails? You need an incident response process that's specific to AI. That means defining what constitutes an AI incident (unexpectedly biased output, data leakage, model drift beyond tolerance), who gets notified, and what remediation looks like.
For regulated industries, this also means knowing when you need to report an incident externally. If an AI tool used in patient care produces a harmful recommendation, that's a patient safety event. If an AI system leaks customer data, that's a breach. Your incident response plan needs to integrate AI-specific scenarios.
Model retirement is the other side of this. AI systems don't last forever. When a model is no longer performing within tolerance, when the business context changes, or when a better alternative becomes available, you need to decommission the old system. This includes deleting training data, revoking API access, and updating your documentation.
Bring AI Risk and Governance Expertise to Your Next Event
Carl speaks on AI governance, regulatory compliance, and risk management for organizations navigating NIST AI RMF, HIPAA, CMMC, and other frameworks. See all keynote speaking topics or reach out about your event.
Book Carl for Your EventImplementing the Framework in a Regulated Organization
The NIST AI RMF is not prescriptive—it's a structure you adapt to your organization's context. For a healthcare organization, that means integrating AI risk management into your existing HIPAA compliance program. For a defense contractor, it means aligning AI governance with CMMC and NIST SP 800-171. For a financial services firm, it means connecting AI risk to your operational risk framework.
The pattern I recommend is starting with a pilot. Identify one or two AI systems already in use—not hypothetical future deployments—and walk them through the four functions. Govern: who approved this system, and what authority did they have? Map: what does this system do, what data does it use, and what are the potential harms? Measure: do we have evidence that it works as intended? Manage: what controls are in place to mitigate risk?
You'll find gaps. That's the point. The pilot tells you what documentation is missing, what decisions haven't been made, and what processes need to be formalized. Then you scale the framework to the rest of your AI portfolio.
Building the AI Inventory
One of the first practical steps is building an AI system inventory. This is your Map function baseline, and it's harder than it should be because AI is everywhere. You can't inventory what you don't know exists.
Start with the obvious systems: any AI tool that was formally procured, went through a vendor review, or required IT involvement. Then expand to departmental tools—marketing automation, customer service chatbots, HR screening tools. Then ask about employee use of public AI services like ChatGPT, Copilot, or Notion AI.
You won't get complete visibility immediately, but you'll get enough to start. Once you have the inventory, categorize each system by risk level and assign an owner. This becomes your working document for governance and oversight.
Aligning with Existing Frameworks
If you're already managing compliance with HIPAA, CMMC, or other frameworks, the AI RMF should integrate into those programs, not sit alongside them. Your AI governance structure should feed into your risk committee. Your AI inventory should be part of your asset management process. Your AI incident response should be part of your overall incident response plan.
The frameworks are complementary. HIPAA requires risk analysis—AI systems are part of that analysis. CMMC requires access controls—AI systems are subject to those controls. The NIST AI RMF adds structure specifically for AI-related risks, but it doesn't replace the fundamentals.
Common Pitfalls and How to Avoid Them
The biggest mistake I see organizations make with the NIST AI RMF is treating it as a documentation exercise. They produce an AI governance policy, a risk assessment template, and a spreadsheet inventory, and then they assume they're done. They're not. The framework is operational—it requires continuous execution, not a one-time deliverable.
The second mistake is trying to apply the same rigor to every AI system. Not all AI is high-risk. A tool that uses AI to summarize meeting notes is not the same as a tool that uses AI to triage patient symptoms. Proportionality matters. Your governance overhead should match the risk.
The third mistake is deferring to vendors. If your vendor says their model is unbiased, tested, and safe, that's a starting point, not an answer. You need to validate those claims in your context, with your data, for your use case. Vendor marketing is not a substitute for your own risk assessment.
The fourth mistake is waiting for perfect clarity. AI is evolving faster than regulation, faster than standards, faster than anyone's risk tolerance. You will not have all the answers before you need to make decisions. The framework is designed for this—it's iterative, it emphasizes learning, and it allows you to refine your approach as you gain experience.
Why the NIST AI RMF Is Becoming the Standard
The framework is gaining traction for a few reasons. First, it's comprehensive without being overwhelming. It covers governance, risk identification, testing, and mitigation—the full lifecycle—but it doesn't prescribe tools or technologies. You can apply it whether you're using open-source models or proprietary APIs, whether you're building custom AI or buying off-the-shelf tools.
Second, it's risk-based. This aligns with how regulated industries already think about compliance. You don't secure everything equally—you prioritize based on risk. The AI RMF applies the same logic to AI systems. High-risk systems get more scrutiny, more testing, more oversight. Low-risk systems get lighter-touch governance.
Third, it's flexible enough to adapt to different regulatory environments. If you're in healthcare, you can map the AI RMF to HIPAA's risk analysis requirements. If you're in defense, you can connect it to CMMC's supply chain risk management. If you're multinational, you can align it with the EU AI Act's risk categorization. The framework is a bridge, not a silo.
Finally, it's becoming the standard because there isn't a better alternative. ISO has AI standards in progress, but they're not as mature. The EU AI Act is regulation, not a framework. Industry-specific guidance is scattered and incomplete. The NIST AI RMF is the most comprehensive, practical, and widely recognized structure available right now.
That doesn't mean it's perfect. The framework is high-level in places where practitioners need specifics. It doesn't provide sector-specific playbooks. It assumes a level of AI literacy that many organizations don't have yet. But it's a foundation you can build on, and that's more than most AI governance initiatives have.
What This Means for CISOs and Compliance Leaders
If you're responsible for risk management, compliance, or information security at an organization deploying AI, the NIST AI RMF is not optional. You need to understand it, because your board is going to ask about it, your auditors are going to reference it, and your customers are going to expect alignment with it.
The good news is that if you've built a mature compliance program, much of this will feel familiar. Risk assessment, control implementation, monitoring, and incident response—these are not new concepts. The difference is applying them to systems that are probabilistic, that learn from data, and that fail in ways that traditional software doesn't.
The questions executives should be asking before deploying AI aren't theoretical—they're practical, operational questions that determine whether your organization is ready. Do we have an AI governance structure? Do we know what AI systems we're using? Do we have evidence that those systems work as intended? Do we have controls to mitigate harm? The AI RMF gives you a structure to answer those questions consistently.
Ultimately, the framework is a tool for making better decisions. It won't eliminate AI risk—nothing will—but it will help you understand the risk, communicate it to stakeholders, and manage it within your organization's tolerance. That's what risk management is. The NIST AI RMF makes that process systematic, repeatable, and defensible.