Resource · NIST AI RMF Implementation Guide
NIST AI RMF 1.0 — translating the framework into daily operations.
NIST AI RMF 1.0 (NIST AI 100-1, January 2023) and the Generative AI Profile (NIST AI 600-1, July 2024) are the US baseline for trustworthy AI. They are voluntary at the federal level, but they are being absorbed into state laws (the Colorado AI Act names them as a recognized risk-management framework that supports a rebuttable presumption of reasonable care), customer contracts, cyber insurance underwriting, and federal AI governance and acquisition rules (OMB M-25-21 and M-25-22, April 2025, which replaced M-24-10 and M-24-18 after EO 14110 was rescinded in January 2025). This guide is the operator's translation: what the four functions require, what evidence to produce, and the 90-day runbook we run for US deployers.
Written for the CIO, CISO, or Chief AI Officer of a US 100–5,000-employee organization being asked by an auditor, board, or major customer to demonstrate NIST AI RMF alignment. Operator voice, not academic theory. EFROS runs the program; this page is the public version of the playbook.
Self-assess before you read
Get a NIST AI RMF–aligned snapshot of your org's AI posture in 8 minutes
The EFROS AI Risk Score is a free 8-minute self-assessment structured around the four NIST AI RMF functions. You answer 20 questions about inventory, classification, measurement, and management; we produce a scored report you can take into a board meeting tomorrow. The rest of this page reads better once you know where your gaps are.
Run the AI Risk Score (8 min, free) →
What NIST AI RMF actually is
NIST AI RMF refers to three artifacts that work together:
- NIST AI 100-1 — The AI Risk Management Framework 1.0 (January 2023). The core document. Defines the four functions (Govern, Map, Measure, Manage) and the trustworthy AI characteristics (valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, fair with harmful bias managed). Published by the National Institute of Standards and Technology under direction from the National AI Initiative Act of 2020.
- NIST AI 600-1 — Generative AI Profile (July 2024). The GenAI-specific companion. Adds content provenance, harmful-output testing, dual-use foundation model risks, third-party governance for GenAI vendors, and information integrity controls. If you run any generative AI, the 600-1 profile is in scope.
- The AI RMF Playbook. The interactive companion that maps each function to specific actions. Lives at nist.gov/itl/ai-risk-management-framework. Treat it as the operational reference once you have the framework anchored.
The framework is voluntary at the federal level, but the voluntary label is misleading. State laws are absorbing it (Colorado AI Act SB 24-205 names NIST AI RMF, alongside ISO/IEC 42001, as a recognized framework for the risk-management program that supports a deployer's rebuttable presumption of reasonable care), customer contracts demand it, cyber insurance underwriting questionnaires ask about it, and federal agencies and their vendors operate under OMB M-25-21 and M-25-22 (April 2025), which replaced M-24-10 after EO 14110 was rescinded in January 2025. For most US organizations of meaningful scale, AI RMF is practically expected even when it isn't legally required.
The four functions
Govern, Map, Measure, Manage — in plain language
The four functions are not phases. GOVERN runs continuously and informs the other three; MAP, MEASURE, and MANAGE cycle as your AI surface changes. Each function is described below with one paragraph on what it requires and an operational example you can apply this quarter.
GOVERN
Cultivates a culture of AI risk management across the organization — policies, processes, accountability, and resourcing. GOVERN is cross-cutting; it informs and is informed by the other three functions.
Operational example: Designate a named AI Risk Owner (typically the CISO, CIO, or a Chief AI Officer in larger orgs) with a documented charter. Stand up an AI Governance Committee with cross-functional membership (Security, Legal, Privacy, HR, Procurement, business unit leads). Publish an Acceptable Use Policy that enumerates approved AI systems by tier and explicitly blocks consumer-tier AI for sensitive data. Maintain a quarterly review cadence with documented minutes and decisions.
MAP
Establishes the context to frame risks related to an AI system: what it does, where it is deployed, who it affects, what could go wrong, and how it interacts with the rest of the organization.
Operational example: For every AI system in your inventory, produce a 1-page system card that documents: purpose, vendor, data inputs and sensitivity classes, output destinations, downstream decisions informed, populations affected, applicable laws (Colorado AI Act, NYC LL144, sector overlays), and the responsible business owner. Re-MAP whenever a system materially changes (new model version, new data source, expanded user population, new geography).
MEASURE
Employs quantitative, qualitative, or mixed-method tools to analyze, assess, benchmark, and monitor AI risk. MEASURE is where trustworthy AI characteristics get tested rather than asserted.
Operational example: Run periodic validation against trustworthiness characteristics: accuracy on representative inputs, bias performance across demographic slices (Section 1557-style), hallucination rate sampling, prompt injection resilience (OWASP LLM Top 10), output stability under input drift, security posture (NIST AI 100-2 E2023 adversarial ML). Capture results in a Measurement Log per system with thresholds and remediation triggers.
MANAGE
Allocates risk resources, prioritizes responses, communicates with stakeholders, and operates the day-to-day controls. MANAGE is where evidence is produced and incidents are handled.
Operational example: Implement human-in-the-loop checkpoints on every high-risk system output. Configure audit logging (Microsoft Purview AI Hub, Google AI Hub, or equivalent) with retention aligned to the longer of regulatory requirement or 7 years. Maintain an AI incident response playbook integrated with the broader IR plan. Produce a quarterly executive AI risk report to the AI Governance Committee and board.
NIST AI 600-1 · Generative AI Profile
What the GAI Profile added for generative AI
NIST AI 600-1 (July 2024) extends AI RMF 1.0 with controls specific to generative AI and dual-use foundation models. If you run any GenAI — M365 Copilot, ChatGPT Enterprise, Claude for Work, custom RAG, fine-tuned foundation models — the 600-1 profile is in scope and your auditors will ask about it.
Content provenance and authentication
NIST AI 600-1 adds explicit guidance on content provenance: watermarking, C2PA-aligned content credentials, and synthetic-content disclosure. Operational implication: every generative AI deployment needs a documented stance on output labeling, especially for customer-facing content. Cross-reference NIST AI 100-4 (Reducing Risks Posed by Synthetic Content, November 2024).
Harmful-output testing
Pre-deployment and ongoing testing for CBRN information leakage, dangerous capability uplift, harmful bias, IP infringement in outputs, and disinformation amplification. The test categories are broader than the AI RMF 1.0 core and weigh most heavily for foundation model deployments.
Dual-use foundation model risk
Specific guidance for organizations deploying or fine-tuning dual-use foundation models. NIST AI 600-1 takes its definition of that term from EO 14110, which also set a 10^26 FLOPs training-compute reporting threshold in its §4.2; the EO was rescinded on 20 January 2025 (EO 14148), so that reporting obligation no longer applies, but the profile's guidance on model-weight handling and red-teaming still does. The separate NIST AI 800-1 draft (Managing Misuse Risk for Dual-Use Foundation Models) is the companion reference for this category.
Third-party governance
Expanded vendor governance specifically for GenAI providers: model card validation, training data lineage documentation, indemnification posture for IP claims, evaluation methodology disclosure, and change management for model version updates. The 600-1 profile expects you to treat each major model upgrade as a re-MAP event.
Information integrity
Controls for the information ecosystem your GenAI deployment participates in — disinformation resilience, abuse reporting channels, takedown procedures for harmful outputs, and coordination with platform-level reporting where applicable. Particularly material for any GenAI surface exposed to end consumers.
Framework comparison
Where NIST AI RMF lands relative to other frameworks
NIST AI RMF is the US baseline. Twelve frameworks you may encounter in scope, their mandatory/voluntary status, what they cover, and what they're anchored in. Use this table to understand which obligations stack on top of AI RMF for your specific sector and geography.
| Framework | Status | Coverage | Anchored In |
|---|---|---|---|
| NIST AI RMF 1.0 | Voluntary federal baseline | All AI systems, cross-sector | NIST AI 100-1 (Jan 2023). 4 functions: Govern, Map, Measure, Manage. |
| NIST GAI Profile | Voluntary federal companion | Generative AI and dual-use foundation models | NIST AI 600-1 (July 2024). Adds content provenance, harmful-output testing, third-party governance. |
| Colorado AI Act SB 24-205 | Mandatory (effective June 30, 2026, after the 2025 delay from February 2026) | High-risk AI that makes or is a substantial factor in consequential decisions (education, employment, lending, essential government services, healthcare, housing, insurance, legal services) | C.R.S. §6-1-1701 et seq. Names NIST AI RMF and ISO/IEC 42001 as recognized frameworks for the required risk-management program; compliance supports a rebuttable presumption of reasonable care. |
| NYC Local Law 144 | Mandatory | Automated employment decision tools used on NYC residents | NYC DCWP rules. Annual independent bias audit + candidate notice required. |
| NYDFS Part 500 AI overlay | Mandatory (NY financial services) | AI used by NYDFS-regulated entities | NYDFS Part 500 + 2024 industry letter on AI cybersecurity risks (social engineering, deepfake, third-party AI). |
| SR 11-7 (banking) | Mandatory (Fed-supervised banks) | Model risk management — AI/ML models inherited | Federal Reserve SR 11-7 (2011) + OCC 2011-12. Validation, monitoring, governance for material models. |
| HHS-OCR Section 1557 (clinical AI) | Mandatory (rule effective July 2024; §92.210 compliance date May 1, 2025) | Algorithmic non-discrimination in covered health programs | Section 1557 final rule, 45 CFR §92.210. Identify, mitigate, document discrimination risk in patient care decision support tools. |
| HICP 405(d) (healthcare) | Voluntary recognized practice | Cybersecurity practices for HIPAA-covered entities; AI surface inherits | HHS 405(d) Health Industry Cybersecurity Practices. PL 116-321 safe-harbor reference. |
| ISO/IEC 42001:2023 | Voluntary international standard | AI management system — the AI counterpart to ISO 27001 | ISO/IEC 42001:2023. Annex A controls map cleanly to NIST AI RMF functions; certifiable. |
| FedRAMP | Mandatory (federal cloud) | Cloud services sold to federal agencies; AI features inherit the Authorization-to-Operate scope | FedRAMP baselines + OMB M-25-21 / M-25-22 (April 2025) obligations for federal AI use and acquisition. |
| DoD AI Ethical Principles | Mandatory (DoD) | AI used by the Department of Defense; flows to the defense industrial base | DoD AI Ethical Principles (adopted February 2020) + Responsible AI Strategy and Implementation Pathway (June 2022); DoDD 3000.09 separately governs autonomy in weapon systems. CMMC applies to contractors handling FCI/CUI, including AI artifacts derived from it. |
| OMB M-25-21 / M-25-22 | Mandatory (federal agencies) | Federal AI use governance and AI acquisition, including high-impact AI | OMB Memoranda M-25-21 and M-25-22 (April 2025), issued under EO 14179; they replaced M-24-10 and M-24-18 after EO 14110 was rescinded in January 2025. |
GOVERN in practice
AI inventory template — the GOVERN function operationalized
The inventory is the foundation of GOVERN. Ten sample rows below using real-world vendor names from the US enterprise stack. Use this structure as the starting point; expect 30–80 entries for a 500-person org once you include the AI-embedded SaaS layer.
| ID | Function | Vendor | Data Sensitivity | Use Tier | Owner | Last Reviewed | Risk Posture |
|---|---|---|---|---|---|---|---|
| AI-001 | Productivity copilot | Microsoft 365 Copilot | Confidential | Tier 2 Material | CIO | 2026-04-15 | Govern via Purview AI Hub; DLP enforced; quarterly permission audit. |
| AI-002 | General-purpose enterprise LLM | ChatGPT Enterprise (OpenAI) | Confidential | Tier 2 Material | CISO | 2026-04-10 | Enterprise tier only; ZDR enabled; consumer tier blocked at identity layer. |
| AI-003 | General-purpose enterprise LLM | Claude for Work (Anthropic) | Confidential | Tier 2 Material | CISO | 2026-04-10 | Enterprise / Team tier; zero training on customer data; documented BAA where applicable. |
| AI-004 | Sales workflow AI | Salesforce Einstein / Einstein Copilot | Confidential (CRM) | Tier 2 Material | VP Sales + CIO | 2026-03-28 | Einstein Trust Layer enabled; PII masking on; bias review every 6 months. |
| AI-005 | Enterprise search / RAG | Glean | Confidential | Tier 2 Material | CIO | 2026-04-22 | Permission-aware retrieval; quarterly source-permission audit; output audit sampling. |
| AI-006 | Clinical AI scribe | Microsoft DAX Copilot | PHI | Tier 1 Critical | CMIO | 2026-04-30 | BAA executed; Section 1557 bias methodology documented; human signoff per encounter. |
| AI-007 | Legal AI assistant | Harvey | Privileged | Tier 1 Critical | General Counsel | 2026-04-18 | Privilege-preservation review; output sampling for hallucinations; case-citation verification protocol. |
| AI-008 | Productivity / docs AI | Notion AI | Internal | Tier 3 Routine | CIO | 2026-04-05 | Blocked for PHI/Privileged content; AUP enforced; no fine-tuning on customer data. |
| AI-009 | Meeting transcription AI | Otter.ai (Enterprise) | Confidential | Tier 2 Material | CIO | 2026-04-02 | Two-party consent workflow; blocked for board meetings and privileged calls; retention policy aligned to records schedule. |
| AI-010 | Custom RAG application | Azure OpenAI (in-house build) | Confidential | Tier 1 Critical | CTO + CISO | 2026-04-25 | Red-team annually; OWASP LLM Top 10 controls implemented; drift monitoring on retrieval corpus. |
Inventory rows are illustrative. EFROS maintains live vendor posture matrices for our managed AI Governance customers, updated quarterly as vendor terms and AI feature scope change.
MAP in practice
Risk classification — the 3-tier matrix
MAP is where context becomes classification. Use the 3-tier matrix below to assign every inventoried system. Document the rationale; the rationale is more important than the tier label when an auditor reviews the program. Five examples per tier across realistic enterprise AI workloads.
Tier 1 — Critical
AI systems that materially inform consequential decisions about individuals, or that operate on regulated data (PHI, privileged, regulated financial). Failure produces direct legal, safety, or material business harm. Requires full MAP + MEASURE + MANAGE cadence, named accountable owner, documented human-in-the-loop, and quarterly executive review.
Examples
- Clinical decision support (sepsis prediction, imaging interpretation, AI scribes informing billing)
- Insurance prior authorization or claims adjudication AI (deployer-side)
- Custom-built RAG over privileged or PHI corpora (legal, clinical, M&A)
- AI used in hiring decisions for protected classes (resume screening, interview scoring)
- Algorithmic fraud or AML risk scoring at a financial institution (SR 11-7 inherits)
Tier 2 — Material
Broadly used AI systems with significant data exposure but lower individual-decision impact. Productivity copilots, enterprise LLM platforms, sales/marketing AI, AI-embedded SaaS. Requires inventory, AUP enforcement, vendor BAA/DPA verification, output sampling, and semi-annual review. The bulk of enterprise AI lives in Tier 2.
Examples
- Microsoft 365 Copilot tenant-wide
- ChatGPT Enterprise / Claude for Work / Gemini for Workspace
- Glean / Asana AI / Slack AI for general operational use on confidential data
- Salesforce Einstein for sales workflow (non-decisioning)
- Otter.ai or Fathom for non-privileged meeting transcription
Tier 3 — Routine
Limited-scope AI features embedded in tools with narrow data exposure and no individual-decision impact. Spell-check, grammar suggestions, image background-removal, autocomplete. Requires inventory entry and AUP coverage but minimal ongoing measurement burden. Re-classify upward if scope expands.
Examples
- Grammarly (default tier — no fine-tuning on customer data)
- Outlook / Gmail smart compose and reply suggestions
- Canva or Adobe Express generative fill for marketing assets
- GitHub Copilot for low-sensitivity public-repo development
- AI background-replacement in Zoom / Teams meetings
MEASURE in practice
Validation and monitoring — what MEASURE actually requires
MEASURE is where most NIST AI RMF programs stall. The function is real work: it requires logging infrastructure, sampling protocols, thresholds, and named owners. Below are the measurement categories EFROS runs for Tier 1 systems, with the NIST references that auditors will recognize.
Accuracy and validity
Representative input set per system, gold-standard answer set, periodic re-validation when model versions change or data drift exceeds threshold. For clinical and financial AI, alignment with SR 11-7 model validation methodology produces evidence usable across both regimes.
Bias and harmful-bias management
Demographic-slice performance analysis. For clinical AI, HHS-OCR Section 1557 final rule (effective July 2024) sets the methodology. For employment AI, NYC LL144 sets the annual independent bias audit standard. NIST AI 100-1 treats fairness as a trustworthy AI characteristic with documented harmful-bias mitigation.
Hallucination rate
Sample outputs from production deployments, score for factual accuracy against ground truth where ground truth exists, document hallucination rate per system. For customer-facing GenAI, hallucination rate is a board-level metric. The NIST AI 600-1 GAI Profile expects this as a measurement category for generative systems.
Prompt injection resilience
Adversarial testing aligned to OWASP Top 10 for Large Language Model Applications. Cross-reference NIST AI 100-2 E2023 (Adversarial Machine Learning) for taxonomy and attack categories. EFROS runs this as an annual AI Pen-Test engagement; output is reproduction steps + severity ratings + remediation.
Output stability under drift
Periodic re-evaluation of the same input set as the underlying model, retrieval corpus, or upstream data change. Material output instability is a re-MAP trigger. For custom-deployed models running on AWS Bedrock, Azure OpenAI, or Google Vertex AI, drift monitoring is part of the deployment pattern, not an afterthought.
Synthetic content controls
For GenAI producing customer-facing or external content, apply NIST AI 100-4 (Reducing Risks Posed by Synthetic Content) guidance for watermarking, content credentials, and synthetic-content disclosure. Cross-reference the GAI Profile (600-1) content provenance category.
The measurement log is the artifact your auditor and your cyber insurance underwriter will ask for. Maintain it per system, version it over time, and treat material changes in measurement results as a re-MAP trigger.
90-day runbook
The 12-task NIST AI RMF runbook
Three phases: Inventory & Govern, Map & Measure, Manage & Operate. Twelve tasks across the 90 days. Each task includes what to do, who owns it, and the evidence artifact that survives the audit. The runbook is sequenced for a 500–5,000-employee US org; smaller orgs compress, larger orgs add depth per phase.
Stand up governance and discover the AI surface
What: Charter the AI Governance Committee with named members, publish AI Acceptable Use Policy v1, deploy shadow-AI discovery across browser, identity, and network logs. Survey every business unit lead on AI tools in use.
Owner: CISO (Risk Owner), with CIO + General Counsel co-sponsors
Evidence: Governance Committee charter, AUP v1 published, shadow-AI discovery report, business-unit AI survey responses.
Build the canonical AI inventory
What: Consolidate discovered + declared AI systems into a single inventory: AI System ID, Function, Vendor, Data Sensitivity, Use Tier (preliminary), Owner, Last Reviewed, Risk Posture. Block consumer-tier AI for regulated-data users at the identity layer.
Owner: CIO with Security Operations
Evidence: Canonical AI inventory (current snapshot + versioning), identity-layer blocking policy for consumer-tier AI.
Vendor BAA/DPA + federal procurement exposure review
What: Verify executed BAA or DPA with every AI vendor processing regulated data. Document training-data lineage and indemnification posture. Identify any obligations triggered by federal procurement (OMB M-25-21 / M-25-22, which replaced M-24-10 after EO 14110 was rescinded in January 2025) and flag any deployment or fine-tuning of dual-use foundation models in scope of NIST AI 600-1 and the NIST AI 800-1 draft.
Owner: General Counsel + Procurement
Evidence: Vendor BAA/DPA matrix, training-data lineage memo per vendor, federal procurement exposure note.
Risk classification — apply the 3-tier matrix
What: Classify every inventoried system as Tier 1 Critical, Tier 2 Material, or Tier 3 Routine. Document rationale per system with reviewer sign-off. Cross-reference state and sector overlays (Colorado AI Act, NYC LL144, Section 1557, SR 11-7) to flag systems with multi-jurisdictional exposure.
Owner: CISO + business unit owners
Evidence: Tier classification with documented rationale per system, multi-jurisdictional exposure flag list.
Trustworthiness measurement — pilot on Tier 1
What: For every Tier 1 system, run baseline measurement: accuracy on representative inputs, bias performance across demographic slices, hallucination rate sampling, prompt injection resilience (OWASP LLM Top 10), output stability under drift. Reference NIST AI 100-2 E2023 for adversarial ML methodology.
Owner: CISO + system-specific business owners
Evidence: Per-system Measurement Log v1, NIST AI 100-2 E2023 alignment note, prompt-injection test results.
GAI Profile (NIST AI 600-1) overlay for generative systems
What: For every GenAI system, apply the NIST AI 600-1 profile additions: content provenance posture, harmful-output testing categories, third-party governance documentation, info integrity controls. Cross-reference NIST AI 100-4 for synthetic content guidance.
Owner: CISO + Communications (for content provenance) + Legal
Evidence: GAI Profile alignment per GenAI system, content provenance posture document, harmful-output test plan.
Human-in-the-loop + audit logging for Tier 1
What: Implement documented human review checkpoints on Tier 1 system outputs. Configure audit logging via Microsoft Purview AI Hub, Google AI Hub, or equivalent. Set retention per the longer of regulatory requirement or 7 years. Define escalation thresholds.
Owner: Business unit owners + Security Operations
Evidence: HITL checkpoint runbook per Tier 1 system, audit logging configuration, retention policy.
AI incident response integration
What: Extend the broader incident response plan to cover AI-specific incidents: prompt injection exploitation, data leakage via prompt or output, model poisoning, harmful output liability. Run a tabletop with the IR team on one AI-specific scenario.
Owner: CISO + Security Operations
Evidence: AI incident response playbook addendum, tabletop exercise report.
Acceptable Use Policy v2 + staff training
What: Refresh the AUP based on inventory and classification. Roll out role-specific training: general staff, regulated-data handlers, AI builders, and executives. Document acknowledgement per user. Establish a quarterly micro-refresh cadence.
Owner: CISO + HR + Communications
Evidence: AUP v2, training completion records, quarterly refresh cadence document.
Quarterly executive AI risk report v1
What: Produce the first quarterly executive AI risk report: inventory snapshot, material risks, measurement findings, incident summary, remediation status, regulatory exposure changes. Present to the AI Governance Committee, executive team, and audit committee of the board.
Owner: CISO with CIO + General Counsel
Evidence: Quarterly AI risk report v1, committee meeting minutes, decisions log.
External evidence pack — customer + auditor edition
What: Package the operational evidence into a customer-ready and auditor-ready pack. Mirror the structure of SOC 2 reporting: control objective, control description, evidence reference. Cross-reference to ISO/IEC 42001 where dual-mapping is useful.
Owner: CISO + Sales / Customer Trust
Evidence: External AI Governance evidence pack v1, NIST AI RMF + ISO 42001 control mapping.
Continuous improvement loop
What: Lock in the operating rhythm: monthly inventory delta review, quarterly measurement cadence per tier, semi-annual external evidence refresh, annual full re-MAP. Document the cadence as a published Operating Standard.
Owner: CISO with AI Governance Committee
Evidence: Operating Standard document, calendar of recurring AI governance ceremonies.
Honest failure modes
What stops orgs from getting AI RMF actually adopted
Five anti-patterns EFROS has seen across real implementations. Each one is fixable; none of them are fixed by buying more tooling. The fix is operational discipline, not product procurement.
No executive owner
The program is treated as a working group with no named accountable executive. Decisions stall, evidence isn't produced, and the auditor or customer finds nobody with a charter to sign anything. Fix: name a single AI Risk Owner (typically CISO, CIO, or Chief AI Officer) with a published charter and committee membership documented in writing.
Vendor governance gaps
BAA / DPA review stops at the top-3 AI vendors. The AI-embedded long tail (Notion AI, Asana AI, Slack AI, Zoom AI Companion, the embedded copilot inside every SaaS your company signed last year) never gets reviewed. Fix: extend procurement intake to flag every contract with AI features and add an AI-vendor review gate to the onboarding workflow.
No measurement infrastructure
MEASURE function lives in a Google Doc. There's no logging configuration, no sampling protocol, no thresholds. When an incident happens, the org has no telemetry to investigate. Fix: configure audit logging (Purview AI Hub, Google AI Hub, or equivalent) on Day 1, define sampling protocol per Tier 1 system, and document thresholds with named escalation contacts.
Policy without operations
The AUP is published, training is rolled out, and everyone congratulates themselves. Nobody is verifying that consumer-tier ChatGPT is actually blocked at the identity layer for clinical staff, or that the Tier 1 system's HITL checkpoint is actually being used. Fix: every policy clause must have a corresponding operational verification — control, log, or evidence — or the clause doesn't go into the policy.
Inventory drift
The inventory is accurate on Day 90 and gradually decays over the next year. New AI tools get adopted without entering the inventory. Existing tools change tiers without anyone noticing. Fix: monthly inventory delta review with three inputs — procurement intake, shadow-AI discovery rerun, business-unit owner survey. Treat inventory drift as an audit finding internally before an external auditor finds it.
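As an added example (not code from the page or from EFROS), the monthly inventory delta review from the drift anti-pattern and the verification check from the policy-without-operations anti-pattern, run as one reconciliation over the three inputs the text names: a shadow-AI discovery rerun (here an identity-layer / CASB export), procurement intake, and the business-unit survey. It flags apps seen in traffic with no inventory row, declared tools with no row, rows whose Last Reviewed date is past the per-tier cadence, and consumer-tier access by a regulated group that the identity layer allowed instead of blocking. The inventory subset, the log format, the declared-tool lists and the Tier 3 annual cadence are constructed assumptions; only the column names come from the template above.

```python
from datetime import date

# Added example, not code from the page. The inventory subset, the CASB export
# format, the per-tier cadence and the declared-tool lists are constructed for
# illustration; only the inventory column names come from the template above.
INVENTORY = [
    {"id": "AI-002", "vendor": "ChatGPT Enterprise (OpenAI)", "apps": {"chatgpt"},
     "tier": 2, "last_reviewed": date(2026, 4, 10)},
    {"id": "AI-003", "vendor": "Claude for Work (Anthropic)", "apps": {"claude"},
     "tier": 2, "last_reviewed": date(2026, 4, 10)},
    {"id": "AI-006", "vendor": "Microsoft DAX Copilot", "apps": {"dax"},
     "tier": 1, "last_reviewed": date(2026, 1, 30)},
    {"id": "AI-009", "vendor": "Otter.ai (Enterprise)", "apps": {"otter"},
     "tier": 2, "last_reviewed": date(2025, 9, 2)},
]
# Tier 1 quarterly and Tier 2 semi-annual follow the matrix above; Tier 3 annual is an assumption.
REVIEW_CADENCE_DAYS = {1: 90, 2: 180, 3: 365}
REGULATED_GROUPS = {"clinical", "legal"}   # groups the AUP bars from consumer-tier AI
AS_OF = date(2026, 5, 10)                  # date of this month's review

# Constructed identity-layer / CASB export: one event per line, key=value fields.
CASB_LOG = """\
2026-05-03 user=jdoe group=clinical app=chatgpt account=enterprise action=allow
2026-05-03 user=asmith group=clinical app=chatgpt account=consumer action=allow
2026-05-04 user=mlee group=sales app=gemini account=consumer action=allow
2026-05-04 user=pkim group=legal app=claude account=consumer action=block
2026-05-05 user=rjones group=engineering app=cursor account=enterprise action=allow
"""
# The other two monthly inputs: contracts procurement flagged as having AI features,
# and tools business-unit owners declared in the survey.
PROCUREMENT_AI_FLAGGED = {"Cursor (Anysphere)", "Otter.ai (Enterprise)"}
BU_SURVEY_DECLARED = {"Gemini (personal accounts)", "ChatGPT Enterprise (OpenAI)"}


def parse_casb_log(text: str) -> list[dict]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, *pairs = line.split()
        event = {"date": day}
        for pair in pairs:
            key, _, value = pair.partition("=")
            event[key] = value
        events.append(event)
    return events


def reconcile(inventory, events, procurement, survey, today: date) -> list[tuple[str, str]]:
    findings = []
    known_apps = set().union(*(row["apps"] for row in inventory))
    known_vendors = {row["vendor"] for row in inventory}
    # 1. Shadow-AI discovery rerun: apps seen in traffic with no inventory row.
    for app in sorted({ev["app"] for ev in events} - known_apps):
        findings.append(("UNINVENTORIED_APP", app))
    # 2. Procurement intake and BU survey: declared tools with no inventory row.
    for name in sorted(procurement - known_vendors):
        findings.append(("DECLARED_NOT_INVENTORIED", f"{name} (procurement intake)"))
    for name in sorted(survey - known_vendors):
        findings.append(("DECLARED_NOT_INVENTORIED", f"{name} (business-unit survey)"))
    # 3. Review staleness against the per-tier cadence.
    for row in inventory:
        age = (today - row["last_reviewed"]).days
        if age > REVIEW_CADENCE_DAYS[row["tier"]]:
            findings.append(("STALE_REVIEW", f"{row['id']} Tier {row['tier']} last reviewed {age} days ago"))
    # 4. Policy-without-operations check: consumer-tier access by a regulated group
    #    that the identity layer allowed instead of blocking.
    for ev in events:
        if ev["group"] in REGULATED_GROUPS and ev["account"] == "consumer" and ev["action"] == "allow":
            findings.append(("POLICY_NOT_ENFORCED",
                             f"{ev['user']} ({ev['group']}) reached consumer-tier {ev['app']} on {ev['date']}"))
    return findings


def summarize(findings) -> dict[str, int]:
    counts: dict[str, int] = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def run_example() -> list[tuple[str, str]]:
    return reconcile(INVENTORY, parse_casb_log(CASB_LOG), PROCUREMENT_AI_FLAGGED,
                     BU_SURVEY_DECLARED, AS_OF)


if __name__ == "__main__":
    found = run_example()
    for kind, detail in found:
        print(f"{kind:<26} {detail}")
    print(summarize(found))
```

Each finding maps to an inventory action (open a row, reclassify, re-review) or to an internal audit finding; the legal user pkim being blocked and the clinical user asmith being allowed through on a consumer account is exactly the gap the AUP clause claims to close, and only the log, not the policy document, can show whether it does.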
FAQ
NIST AI RMF — common questions
Is NIST AI RMF actually mandatory anywhere?
Strictly, no federal rule mandates AI RMF as such. Federal agencies operate under OMB M-25-21 and M-25-22 (April 2025), which replaced M-24-10 after EO 14110 was rescinded in January 2025; those memoranda, not AI RMF itself, are what federal AI governance and procurement enforce. Indirectly mandatory in three ways. First, state law references it: the Colorado AI Act SB 24-205 names NIST AI RMF (alongside ISO/IEC 42001) as a recognized framework for the risk-management program that supports a rebuttable presumption of reasonable care. Second, customer contracts increasingly require AI risk-management attestation, and NIST AI RMF is the most-cited US framework in those clauses. Third, cyber insurance underwriting questionnaires now ask about NIST AI RMF alignment for AI-related coverage. Voluntary in name, expected in practice for any US organization of meaningful scale.
We use OpenAI, Anthropic, and Google — does NIST AI RMF cover vendor governance?
Yes. The GOVERN function explicitly covers third-party AI risk, and the NIST AI 600-1 GAI Profile (July 2024) expanded vendor governance for GenAI providers. Operationally that means: executed enterprise contract (not consumer terms), documented training-data and indemnification posture, model-card validation, change management for model version updates (treat a major version upgrade as a re-MAP event), and incident escalation paths. EFROS maintains vendor matrices for the major LLM providers (OpenAI, Anthropic, Google, Microsoft) and the AI-embedded SaaS layer.
How does NIST AI RMF compare to ISO/IEC 42001 — should we do both?
NIST AI RMF is process-oriented and US-anchored; ISO/IEC 42001:2023 is management-system-oriented and certifiable internationally. The Annex A controls in 42001 map cleanly to NIST AI RMF functions, which makes dual-mapping low-cost once you have AI RMF running. Practical answer: if you sell to US customers and regulators, start with NIST AI RMF — that's what your buyers and auditors will cite. Add ISO/IEC 42001 when you have multinational exposure, when a customer specifically asks for it, or when you want a certifiable AI management system. We build programs that produce evidence usable for both.
What's the smallest meaningful implementation of NIST AI RMF for a 500-employee company?
Five-element minimum viable program: (1) Named AI Risk Owner with a 1-page charter, (2) an AI inventory with Tier classification (most 500-person orgs land at 30-80 inventory entries when you include the AI-embedded SaaS layer), (3) an Acceptable Use Policy that addresses Copilot, the general-purpose enterprise LLMs your staff actually use, and the long-tail embedded AI, (4) audit logging on Tier 1 systems plus quarterly sampling on Tier 2, and (5) a quarterly executive risk report to the executive team and the audit committee of the board. That's the floor. Most 500-person orgs add HITL checkpoints on Tier 1 and an annual AI Pen-Test on customer-facing GenAI within the first year.
Does NIST AI RMF help us with Colorado AI Act compliance?
Directly. The Colorado AI Act SB 24-205 names NIST AI RMF (and ISO/IEC 42001) as recognized frameworks for the deployer's risk-management program, and compliance with the act's deployer duties supports a rebuttable presumption that the deployer used reasonable care. A deployer that operates a documented NIST AI RMF program with Colorado-specific overlays (the risk-management program and impact assessment required of deployers under §6-1-1703, consumer notice, appeal and correction rights, annual review) is positioned for that presumption. The mapping is direct: AI RMF GOVERN underpins the risk-management policy requirement, MAP produces the impact assessment artifact, MEASURE supplies the algorithmic discrimination evidence, MANAGE operates the human-oversight controls. See our Colorado AI Act for Healthcare Deployers resource for the sector-specific overlay.
What does an EFROS NIST AI RMF assessment actually produce?
A fixed-fee 10-day audit produces: (1) AI inventory with Tier classification and documented rationale per system, (2) vendor BAA/DPA matrix with gaps flagged, (3) NIST AI RMF function-level gap assessment (GOVERN/MAP/MEASURE/MANAGE) with scored maturity per function, (4) GAI Profile (NIST AI 600-1) overlay for every GenAI system, (5) Colorado AI Act / NYC LL144 / SR 11-7 / Section 1557 sector-overlay exposure flags, (6) prioritized 90-day runbook with named owners and evidence artifacts, (7) board-grade executive briefing. The audit converts to a managed AI Governance retainer with the audit fee credited toward the first quarter for customers who continue.
Related EFROS resources
Read next
AI Governance Service
The 5-pillar EFROS AI Governance program: inventory, risk classification, NIST AI RMF / ISO 42001 policy framework, monitoring, quarterly compliance reporting.
Colorado AI Act for Healthcare Deployers
Colorado AI Act SB 24-205 applied to US healthcare AI. BAA matrix, Section 1557 algorithmic non-discrimination, 90-day deployer roadmap.
AI Risk Score (8-min self-assessment)
NIST AI RMF–aligned 20-question assessment. Produces a scored gap report you can take into a board meeting.
Glossary
Working definitions for NIST AI RMF, GAI Profile, Colorado AI Act, SR 11-7, Section 1557, ISO/IEC 42001, and the regulatory acronyms that show up in audit findings.
Primary sources
Authoritative references
- NIST AI Risk Management Framework (nist.gov): the canonical hub for AI 100-1, AI 600-1, AI 100-4 (synthetic content), the AI 800-1 draft (dual-use foundation model misuse risk), and the AI RMF Playbook.
- ai.gov: the federal AI portal aggregating implementation guidance, agency activity, and procurement standards.
- Executive Order 14110 (Federal Register, October 2023): the EO that commissioned NIST AI 600-1 and defined the dual-use foundation model term and its 10^26 FLOPs reporting threshold; rescinded by EO 14148 on 20 January 2025 and succeeded by EO 14179.
- OMB M-25-21 and M-25-22 (whitehouse.gov/omb): the April 2025 memoranda on federal agency AI use and AI acquisition that replaced M-24-10 and M-24-18.
Three ways to operationalize this
Self-assess in 8 minutes, reserve the fixed-fee 10-day AI Governance audit with the deliverables described on this page, or read the full AI Governance service offering.