
The AI risk management framework: NIST AI RMF for models and agents (with implementation steps)

An AI risk management framework is a structured approach to identifying, measuring and controlling the risks an AI system creates across its life: bias, drift, security, privacy, and for autonomous agents, the actions they take.

The most widely adopted one is the NIST AI Risk Management Framework, built around four functions:

  • Govern
  • Map
  • Measure
  • Manage

These four functions give organizations a deliberate way to manage AI risk, instead of reacting to it.

I'll be candid about why this matters more each quarter.

AI risk used to be a property of a model you could assess once and file. Agents changed that. The risk now lives in what AI does, continuously, in production, and a framework that treats risk as a one-time assessment is structurally behind the systems it's meant to govern.

The NIST AI RMF holds up because its functions are continuous by design. The work is making them run that way.

What is an AI risk management framework?

An AI risk management framework is a repeatable structure for governing AI risk: it defines who is accountable, how risks are identified and classified, how they're measured, and how they're acted on. It gives an organization a common language and a consistent process, so AI risk is handled the same way across every model and agent rather than improvised team by team.

A good framework does three things at once. It makes risk visible, by forcing every system to be identified and classified. It makes risk measurable, by defining the signals you track. And it makes risk actionable, by assigning ownership and response. Frameworks that stop at documentation, a policy nobody enforces, give you the paperwork of risk management without the substance. The test of a framework isn't whether it's written down; it's whether it changes what happens in production.

What is the NIST AI RMF?

The NIST AI Risk Management Framework is a voluntary framework published by the US National Institute of Standards and Technology to help organizations manage AI risk and build trustworthy AI. It's organized around four core functions, Govern, Map, Measure and Manage, and a set of characteristics that define what trustworthy AI looks like in practice.

Those characteristics are worth naming, because they're the goals the functions serve: AI that is valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. The framework is deliberately technology-neutral and non-prescriptive, which is its strength and its catch. It tells you what good risk management covers, not how to operationalize it in your environment. The translation from the framework's functions to enforced controls is where most programs succeed or stall.

What are the four functions of the NIST AI RMF?

The NIST AI RMF is built on four functions that together form a continuous loop: Govern sets the culture and accountability, Map establishes context and identifies risk, Measure assesses and tracks it, and Manage acts on it. Govern wraps the other three, because accountability has to be present throughout, not bolted on at the end.

Govern

Govern is the cross-cutting function that establishes the culture, policies, roles and accountability for AI risk across the organization. It's the answer to "who owns this, under what policy, with what authority to act." Without Govern, the other three functions happen inconsistently or not at all, because nobody is accountable for whether they happen.

Implementation steps: define an AI governance policy and the risk tolerance behind it; assign clear ownership for every AI system; establish an inventory so governance has something to govern; and set the cadence of review tied to each system's risk. The practical failure here is treating Govern as a document. It's an operating model, and an operating model nobody enforces doesn't change what happens in production.

Map

Map establishes the context for an AI system and identifies the risks it carries: what it's for, what data it uses, who it affects, and what could go wrong. It's the function that turns "we have a model" into "we understand what this model risks and to whom." Map is where risk classification happens, and classification is what makes everything downstream proportionate.

Implementation steps: catalog each AI system with its purpose and stakeholders; trace its data sources and dependencies; classify its risk against a defined scheme; and document the intended use so later drift from that intent is detectable. For agents, Map has to extend to what the agent can reach and do, because an agent's context includes its action space, not just its inputs.

Measure

Measure analyzes, assesses and tracks the risks identified in Map, using quantitative and qualitative methods. It's the function that replaces opinion with evidence: not "we think the model is fair" but "here is how we measured bias, performance and drift, and here is what we found." Measure is continuous, because the risks it tracks move.

Implementation steps: define the metrics for each risk, including performance, bias, drift and, for agents, behavior; baseline expected behavior so deviation is detectable; test before deployment and monitor after; and validate behavior under stress, including adversarial testing for agents. The discipline is measuring in production, not just in the lab, because the lab is not where AI fails.

Manage

Manage prioritizes and acts on the risks that Measure surfaces: allocating resources, applying controls, responding to incidents and deciding what's acceptable. It's the function that closes the loop, turning measurement into action. A risk you measure but don't manage is just a risk you've described.

Implementation steps: prioritize risks by impact and likelihood; apply and enforce controls, ideally as code rather than guidance; establish an incident-response path including the ability to intervene; and feed what you learn back into Govern and Map. For agents, Manage must include runtime intervention, the ability to pause an agent when its risk crosses a threshold, because a managed risk you can't act on quickly isn't managed.

How do you implement the NIST AI RMF?

You implement the NIST AI RMF by turning each function into enforced practice rather than documentation, anchored on a single inventory and continuous signals. The table below maps each function to the concrete actions it requires and the capability that operationalizes it.


Function | What to implement                                         | Operationalized by
Govern   | Policy, ownership, risk tolerance, review cadence         | A single AI inventory with owners and risk tiers
Map      | Context, data tracing, risk classification, intended use  | Registration that captures context and classifies risk at the source
Measure  | Metrics, baselines, testing, monitoring, validation       | Continuous monitoring and a live trust signal across models and agents
Manage   | Prioritization, enforced controls, incident response      | Policy enforced as code, with runtime intervention

Every function depends on knowing what AI you run and being able to act on it continuously. That's why implementation tends to fail when it starts with documents and succeeds when it starts with an inventory and live signals.
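The Map, Measure and Manage steps above, and the table's "inventory plus live signals" idea, can be shown end to end in a small program. This is an added example written for this page, not Collibra's AI Command Center, not code from NIST, and not a real trust score: the classification scheme (side-effecting actions make an agent high-risk), the metric (tool calls per session), the per-tier deviation thresholds and the sample systems are all constructed assumptions. What it demonstrates is the shape of the loop: registration refuses an unowned system and classifies risk at the source, a baseline makes deviation measurable, and a policy written as code pauses an agent rather than recommending a review.

```python
from dataclasses import dataclass, field
from enum import Enum
from statistics import mean, pstdev
from typing import Dict, List


class RiskTier(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class AISystem:
    """One inventory entry (Govern + Map): owner, intended use and, for an
    agent, the action space it can reach. Field names are assumptions."""
    name: str
    owner: str
    purpose: str
    is_agent: bool = False
    action_space: List[str] = field(default_factory=list)
    tier: RiskTier = RiskTier.LOW
    status: str = "active"


# Map: a hypothetical classification scheme. An agent that can take a
# side-effecting action is HIGH, a read-only agent MEDIUM, a plain model LOW.
SIDE_EFFECT_ACTIONS = {"send_email", "write_db", "execute_code", "make_payment"}


def classify(system: AISystem) -> RiskTier:
    if system.is_agent and SIDE_EFFECT_ACTIONS & set(system.action_space):
        return RiskTier.HIGH
    if system.is_agent:
        return RiskTier.MEDIUM
    return RiskTier.LOW


def register(inventory: Dict[str, AISystem], system: AISystem) -> AISystem:
    """Registration at the source: refuse unowned systems (Govern) and
    classify risk before anything downstream sees the entry (Map)."""
    if not system.owner:
        raise ValueError(f"{system.name}: an AI system needs an owner before registration")
    system.tier = classify(system)
    inventory[system.name] = system
    return system


# Measure: baseline a behavioural metric from observed history, then express
# each new observation as a z-score so deviation from the baseline is detectable.
@dataclass
class Baseline:
    mu: float
    sigma: float


def build_baseline(samples: List[float]) -> Baseline:
    sigma = pstdev(samples)
    return Baseline(mean(samples), sigma if sigma > 0 else 1e-9)


def deviation(baseline: Baseline, observed: float) -> float:
    return (observed - baseline.mu) / baseline.sigma


# Manage: policy as code. The tolerated deviation shrinks with the tier
# (assumed thresholds); crossing it pauses an agent and alerts on a model.
PAUSE_THRESHOLD = {RiskTier.LOW: 6.0, RiskTier.MEDIUM: 4.0, RiskTier.HIGH: 3.0}


def enforce(system: AISystem, baseline: Baseline, observed: float) -> str:
    z = deviation(baseline, observed)
    if z <= PAUSE_THRESHOLD[system.tier]:
        return "ok"
    if system.is_agent:
        system.status = "paused"            # runtime intervention, not a recommendation
        return f"pause:{system.name}:z={z:.1f}"
    return f"alert:{system.name}:z={z:.1f}"  # a model takes no actions; its owner reviews


def run_demo() -> Dict[str, str]:
    """Constructed scenario: a ticket-triage agent that can send email, a churn
    model, and a baseline of tool calls per session from eight past sessions."""
    inventory: Dict[str, AISystem] = {}
    agent = register(inventory, AISystem("support_agent", "ops-team", "triage tickets",
                                         is_agent=True, action_space=["read_crm", "send_email"]))
    model = register(inventory, AISystem("churn_model", "ds-team", "predict churn"))
    baseline = build_baseline([12, 11, 13, 12, 12, 11, 13, 12])  # constructed history
    return {
        "agent_tier": agent.tier.name,
        "model_tier": model.tier.name,
        "normal_session": enforce(agent, baseline, 13),   # within tolerance
        "runaway_session": enforce(agent, baseline, 40),  # far outside: agent paused
        "agent_status": agent.status,
        "model_spike": enforce(model, baseline, 40),      # alert only
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The design point is that the threshold is a function of the risk tier assigned at registration, so the Map decision directly shapes what Manage does at runtime; a real program would replace the single z-score with the signals it actually tracks and feed each pause back into Govern as an incident.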

Why do AI agents change AI risk management?

Agents change AI risk management because they introduce risk that only exists in action, and the framework's functions have to reach into runtime to catch it. A model's risk is largely in its outputs. An agent's risk is in its behavior: what it does, what it touches, and what it triggers, often autonomously and continuously.

That reshapes each function. Map has to include the agent's action space and the other agents it can invoke. Measure has to track behavior and data access, not just accuracy. Manage has to include the ability to intervene in real time, because an agent acting on a bad decision doesn't wait for your next review. The NIST AI RMF accommodates this well, since its functions were always meant to be continuous, but a program that implemented them as periodic, model-centric checkpoints will find those checkpoints blind to where agents actually create risk.

NIST AI RMF vs EU AI Act vs ISO 42001

These three are complementary, not competing: the NIST AI RMF is a voluntary risk framework, the EU AI Act is binding law, and ISO 42001 is a certifiable management-system standard. Many organizations use all three, mapping one set of controls to satisfy each.

              | NIST AI RMF             | EU AI Act                      | ISO/IEC 42001
Type          | Voluntary framework     | Binding regulation             | Certifiable standard
Origin        | US (NIST)               | European Union                 | International (ISO/IEC)
Focus         | Managing AI risk        | Legal obligations by risk tier | An AI management system
Enforcement   | None directly           | Fines and market restrictions  | Certification audit
Best used for | Building a risk program | Meeting EU legal duties        | Demonstrating a governed system

The practical move is to build your risk program on the NIST functions, since they're the most operational, then map that program to the EU AI Act's obligations and ISO 42001's controls. Build the controls once, satisfy the frameworks many times. Fragmented compliance, a separate effort per framework, is how organizations end up doing the same work three times and still having gaps.


How an AI Command Center operationalizes the NIST AI RMF

An AI Command Center operationalizes the NIST AI RMF by making each function a running capability rather than a binder: one inventory for Govern, registration that classifies risk for Map, continuous monitoring and a trust signal for Measure, and policy enforced as code with intervention for Manage. The framework stops being something you assert and becomes something the system does.

Concretely, every model, use case and agent is captured at the source with an owner and a risk tier, which gives Govern and Map a live foundation instead of a stale spreadsheet. A universal trust score folds assessment, traceability, lifecycle, policy and monitoring into one figure, which is Measure made continuous and readable. Out-of-the-box assessments for the NIST AI RMF, the EU AI Act and AIUC-1 map your single set of controls to each framework, so you implement once and report many times. And policy enforced as code, with the ability to pause an agent, lets Manage act at runtime, not just recommend.

Frequently asked questions

What is an AI risk management framework? An AI risk management framework is a structured, repeatable approach to identifying, measuring and controlling the risks an AI system creates, defining accountability, classification, measurement and response so risk is handled consistently across every model and agent.

What is the NIST AI RMF? The NIST AI Risk Management Framework is a voluntary framework from the US National Institute of Standards and Technology for managing AI risk and building trustworthy AI, organized around four functions: Govern, Map, Measure and Manage.

What are the four functions of the NIST AI RMF? Govern establishes culture, policy and accountability; Map sets context and identifies risk; Measure analyzes and tracks risk with evidence; and Manage prioritizes and acts on risk. Govern is cross-cutting and wraps the other three.

How do you implement the NIST AI RMF? By turning each function into enforced practice on a single AI inventory: assign ownership and policy for Govern, classify risk at registration for Map, monitor continuously for Measure, and enforce controls with runtime intervention for Manage.

How does the NIST AI RMF apply to AI agents? Agents add risk that exists only in action, so Map must cover the agent's action space, Measure must track behavior and data access, and Manage must include runtime intervention. The framework's continuous design fits agents, if implemented continuously rather than as periodic checkpoints.

Is the NIST AI RMF mandatory? No. The NIST AI RMF is voluntary and carries no direct enforcement. Many organizations adopt it because it is operational and maps well to binding regimes like the EU AI Act and certifiable standards like ISO 42001.

What is the difference between the NIST AI RMF and the EU AI Act? The NIST AI RMF is a voluntary framework for managing AI risk. The EU AI Act is binding law with obligations by risk tier and penalties for non-compliance. Organizations often use the NIST functions to operationalize the controls the EU AI Act requires.

How does the NIST AI RMF relate to ISO 42001? ISO/IEC 42001 is a certifiable AI management-system standard, while the NIST AI RMF is a voluntary risk framework. They complement each other: the NIST functions structure the risk work, and ISO 42001 certifies that a managed system is in place.

