Norivo
US Federal Standard

NIST AI Risk Management Framework — Structured AI Governance

The US federal standard for AI risk management. Norivo maps all 60 controls across 4 core functions — Govern, Map, Measure, Manage — with automated gap analysis and evidence tracking.

60 Controls
4 Core Functions
50-60% EU AI Act Overlap

What is NIST AI RMF?

The NIST AI Risk Management Framework (AI RMF 1.0) provides organisations with a structured approach to managing risks associated with AI systems throughout their lifecycle. Published by the National Institute of Standards and Technology, it is the primary AI governance framework for US federal agencies and widely adopted by the private sector.

The framework is organised around four core functions: Govern (establish AI governance structures), Map (contextualise risks), Measure (analyse and assess risks), and Manage (prioritise and act on risks). Each function contains categories and subcategories with specific practices and outcomes.

While voluntary, the NIST AI RMF is increasingly referenced in federal procurement requirements and is expected to form the basis of future US AI regulation. Organisations aligning with NIST AI RMF also find significant overlap with the EU AI Act (50-60%) and ISO 42001 (45-55%).

Manual implementation: £30,000+ in consultant fees. Norivo: from £3,000/yr with automated mapping and evidence tracking.

Why Norivo for NIST AI RMF?

Function-by-Function Mapping

Norivo walks you through each NIST AI RMF function with guided workflows, mapping controls to your existing governance structure.

Cross-Framework Efficiency

The 50-60% overlap with the EU AI Act means one evidence item can satisfy requirements across both frameworks simultaneously.

AI-Powered Maturity Assessment

Nora assesses your current maturity against each function and recommends prioritised actions to close gaps.

Key Requirements

Govern 1: Policies, processes, procedures, and practices (Govern)
Govern 2: Accountability structures and culture (Govern)
Map 1: Context and use case documentation (Map)
Map 2: Interdependency and impact analysis (Map)
Map 3: AI system inventory and classification (Map)
Measure 1: Risk assessment methodologies (Measure)
Measure 2: Evaluation and benchmarking (Measure)
Measure 3: Trustworthiness characteristics (Measure)
Manage 1: Risk prioritisation and response (Manage)
Manage 2: Risk monitoring and review (Manage)
Manage 3: Third-party risk management (Manage)
Manage 4: Incident response and escalation (Manage)

How Norivo Helps

1. Assess your current state

Norivo's maturity assessment maps your existing practices against all 60 NIST AI RMF controls. Nora identifies gaps instantly.

2. Map controls to your AI systems

Link each AI system in your registry to applicable NIST AI RMF controls. Cross-map with EU AI Act and ISO 42001 automatically.

3. Implement and collect evidence

Follow guided workflows for each function. Upload evidence, generate policies, and track remediation tasks.

4. Monitor and report

Continuous monitoring tracks compliance drift. Generate NIST AI RMF alignment reports for stakeholders and auditors.

Get NIST AI RMF Compliant

Get set up by our team in under 48 hours.