NIST AI RMF: How to Use the AI Risk Management Framework for Generative AI Governance in 2026

The NIST AI Risk Management Framework (AI RMF), published in January 2023, is rapidly becoming the de facto AI governance standard in the United States — referenced in federal agency procurement requirements, proposed AI legislation, and enterprise AI governance programs. Unlike prescriptive compliance frameworks such as HIPAA or PCI DSS, the AI RMF is voluntary and flexible: it provides a structure for thinking about AI risk rather than a checklist of specific requirements. That flexibility is both its strength and its implementation challenge. This guide explains how the AI RMF works, how it maps to the specific risks of using ChatGPT, Claude, Gemini, and other generative AI tools, and how organizations can use it as the backbone of an AI governance program in 2026.

What the NIST AI RMF is

The NIST AI RMF is organized around four core functions, each with subcategories and informative references:

GOVERN — Establishes policies, processes, and accountability structures for AI risk management across the organization. This is the organizational layer: who is responsible for AI decisions, what policies exist, how risk appetite is defined.

MAP — Identifies and classifies AI risks in context. This function requires organizations to understand the AI system's purpose, stakeholders, and potential harms before deployment.

MEASURE — Analyzes, assesses, and tracks AI risks. This function includes testing, evaluation, and monitoring of AI systems for trustworthiness characteristics (accuracy, reliability, fairness, explainability, etc.).

MANAGE — Responds to and monitors AI risks. This function includes risk treatment (mitigation, acceptance, transfer, avoidance) and ongoing monitoring.

The four functions are not sequential phases — they are ongoing, interrelated activities. An organization should be Governing, Mapping, Measuring, and Managing AI risks simultaneously.

The AI RMF Trustworthiness Characteristics

The AI RMF defines seven characteristics of trustworthy AI systems:

1. Accountable and Transparent — the AI system's decisions can be explained and attributed.
2. Explainable and Interpretable — humans can understand the AI's outputs and reasoning.
3. Fair with Harmful Bias Managed — the AI does not produce systematically discriminatory outputs.
4. Privacy Enhanced — the AI protects personal information throughout its lifecycle.
5. Reliable and Accurate — the AI performs as intended across expected conditions.
6. Safe — the AI does not cause physical, psychological, or financial harm.
7. Secure and Resilient — the AI is resistant to adversarial manipulation and disruption.

For organizations using generative AI tools (rather than building AI systems), these characteristics translate into questions about the vendor's AI, not just the organization's use: Is the AI vendor accountable for its outputs? Can the organization explain to stakeholders and regulators how AI-influenced decisions were made? Does the AI produce biased outputs for protected classes?

Mapping the AI RMF to generative AI tool use

GOVERN: Building the AI governance foundation

The GOVERN function is where most organizations should start. Core activities:

Define AI use categories and risk tiers. Distinguish between AI uses that are low-risk (drafting internal emails, summarizing public documents) and high-risk (AI-influenced hiring decisions, clinical recommendations, credit determinations). Different risk tiers require different governance intensity. For detailed guidance on high-risk use cases, see AI in Hiring 2026 and HIPAA-Compliant AI.

Assign AI risk ownership. Designate a responsible party (AI governance lead, CISO, or cross-functional AI governance committee) for AI risk management decisions. Document their authority, responsibilities, and escalation procedures.

Establish an AI acceptable use policy. The AI RMF's GOVERN function explicitly calls for policies governing AI use. An acceptable use policy that covers approved tools, prohibited data types, and incident response is the foundational governance document. See the AI Acceptable Use Policy template for the seven sections every AUP needs.

Define risk tolerance. Explicitly document the organization's risk appetite for AI. This includes tolerance for AI errors in different contexts, tolerance for data exposure, and tolerance for reputational risk from AI-generated outputs.

MAP: Categorizing AI risks in context

The MAP function requires understanding each AI system's context before deployment:

Identify the AI system's purpose and use case. For generative AI tools, this means documenting what the tool is used for: drafting, summarization, analysis, code generation, customer service. Each use case has a different risk profile.

Identify affected stakeholders. Who could be harmed by the AI system's outputs? For AI used in hiring, affected stakeholders are job candidates. For AI used in clinical decision support, affected stakeholders are patients. For AI used in marketing, affected stakeholders are consumers.

Identify potential harms. Apply the AI RMF's harm taxonomy: physical harms, psychological harms, financial harms, societal harms, reputational harms. For generative AI, common harms include: inaccurate outputs acted upon, biased outputs affecting protected groups, confidential data disclosed to the AI vendor, and outputs used to deceive stakeholders.

Map to regulatory requirements. The AI RMF is designed to be compatible with other frameworks. After mapping risks, identify which regulatory requirements apply — EEOC for hiring AI, HIPAA for healthcare AI, FCRA/ECOA for credit AI, Colorado SB 24-205 for high-risk AI in Colorado. See US State AI Privacy Laws in 2026 for the regulatory landscape.

MEASURE: Evaluating AI system trustworthiness

The MEASURE function involves testing and monitoring. For organizations using third-party AI tools, the MEASURE function partially relies on the vendor's own AI evaluation — the organization cannot fully test the underlying model. But organizations can measure:

Output accuracy. Sample AI outputs in specific use cases and evaluate accuracy. For factual claims, check against authoritative sources. For code generation, run test suites. For clinical summaries, have clinicians review.

Bias and fairness. For AI used in consequential decisions, test whether outputs vary systematically by protected characteristics. This is particularly important for hiring, lending, and healthcare AI. Most AI providers publish model cards with evaluation results; review these for relevant fairness metrics.

Data exposure. Audit what organizational data reaches AI tools. Are employees using enterprise accounts or consumer accounts? Are confidential data categories appearing in AI prompts? DLP monitoring of AI tool traffic provides this measurement.

Incident tracking. Track AI-related incidents — unauthorized data submissions, AI errors that led to incorrect decisions, prompt injection incidents. Incident data feeds back into the GOVERN and MANAGE functions.

MANAGE: Treating and monitoring AI risks

Risk treatment decisions. For each identified risk, document the treatment: accept (document rationale), mitigate (implement controls), transfer (AI vendor DPA/BAA), or avoid (prohibit the use case). The risk register should document these decisions with the responsible party.

Control implementation. Implement the mitigating controls identified in the risk treatment: acceptable use policy, enterprise AI tool accounts, DPA execution, DLP deployment, training, audit logging. For the full control set, see SOC 2 and AI for the SOC 2 lens and ISO 27001 and AI Tools for the ISO 27001 lens.

Ongoing monitoring. AI systems and their risks change over time — vendors update models, introduce new features, change data retention policies. The MANAGE function requires ongoing monitoring: review vendor changelogs, re-assess annually, update training when policies change.

Response procedures. When AI-related incidents occur, the MANAGE function includes response and recovery. Document procedures for: AI-related data breaches, AI errors in consequential decisions, and discovery of unauthorized AI tool use.

The AI RMF Playbook

NIST published a companion AI RMF Playbook with specific suggested actions for each subcategory. Key playbook actions for generative AI governance:

• GOVERN 1.1: Inventory all AI systems in use across the organization (including employee-adopted AI tools, not just sanctioned ones).
• GOVERN 1.2: Define organizational AI risk tolerance before deployment.
• MAP 1.1: Identify the AI system's context of use, including the intended user population and the decisions the AI informs or makes.
• MAP 2.2: Identify potential harms to people, organizations, and society from the AI system's deployment.
• MEASURE 2.1: Document test results, model evaluation results, and vendor AI evaluation materials.
• MANAGE 2.2: Document risk treatment decisions and the rationale for accepting residual risk.

AI RMF and the EU AI Act

Organizations operating in both the US and EU will find significant overlap between the AI RMF and the EU AI Act. Both frameworks:

• Classify AI systems by risk level (the EU AI Act's four tiers map roughly to the AI RMF's risk categories).
• Require risk assessments before high-risk AI deployment.
• Require technical documentation of AI systems.
• Require human oversight for high-risk AI decisions.
• Require transparency to affected individuals.

The EU AI Act is binding law with penalties; the AI RMF is voluntary. But organizations that implement the AI RMF's governance structure will find that it substantially addresses EU AI Act obligations for high-risk AI use cases, with supplemental compliance work needed for the EU Act's specific documentation and conformity assessment requirements.

Getting started: a practical AI RMF implementation roadmap

Month 1: GOVERN foundation

• Designate AI risk ownership.
• Draft an AI acceptable use policy covering approved tools, prohibited data types, and incident response.
• Identify the organization's AI risk tiers (low/medium/high).

Month 2: MAP

• Inventory all AI tools currently used by employees — approved and unapproved.
• For each high-risk use case, complete a structured risk assessment using the MAP function's categories.
• Map identified risks to applicable regulatory requirements.

Month 3: MEASURE and initial MANAGE

• Implement the priority controls identified in the risk assessments: DPA execution, enterprise tool accounts, DLP deployment.
• Establish monitoring cadences: quarterly output review for high-risk AI, annual vendor assessment.
• Brief senior leadership on the AI risk profile and treatment decisions.

Ongoing

• Quarterly: Review AI incident log, update risk register.
• Annually: Re-assess AI tools, update vendor assessments, refresh training, review policy for currency.

The bottom line

The NIST AI RMF does not tell organizations exactly which controls to implement — it tells them how to think about AI risk systematically. For organizations using generative AI tools in 2026, that systematic thinking produces a practical governance program: inventory, classify, assess risks, implement controls proportionate to risk, and monitor continuously. The framework's voluntary nature means that organizations have flexibility to adapt it to their context; its breadth means it can accommodate both a two-person startup and a global enterprise. The AI governance programs that hold up under regulatory scrutiny, insurance audits, and board-level inquiries in 2026 are built on structured risk management — and the AI RMF provides the most widely recognized structure for doing that work.