NIST AI RMF Implementation Guide
A practitioner’s implementation guide for the NIST AI Risk Management Framework (AI RMF 1.0).
Choose this repo when
Use this repository when you need help translating the NIST AI RMF itself into practical actions, templates, and implementation sequences.
Use a different repo when you need:
- the broader AI operating model:
governance-playbook - release-stage lifecycle governance:
release-governance - a working release-readiness validator:
release-checklist - a starter template repo:
regulated-ai
This guide is maintained by a practitioner, not NIST. Always refer to the official NIST documentation for authoritative language.
Practical start point
If you already have AI systems and want to identify gaps, start here:
| Artifact | Use for |
|---|---|
templates/nist-rmf-gap-assessment.md |
Assessing current maturity across Govern, Map, Measure, and Manage |
examples/sample-nist-rmf-gap-assessment.md |
Seeing a filled generic example of an RMF-style gap assessment |
Guide structure
| Section | What you will find |
|---|---|
| 01 - Govern | Policies, roles, accountability structures |
| 02 - Map | Risk categorization, context setting, stakeholder identification |
| 03 - Measure | Risk analysis methods, evaluation metrics, testing approaches |
| 04 - Manage | Risk response, prioritization, residual risk acceptance |
| Templates | Ready-to-use document templates |
| Examples | Industry-specific implementation examples |
| Tools | Scripts and utilities for automated governance checks |
| EU AI Act Mapping | Cross-reference between NIST AI RMF and EU AI Act |
| ISO 42001 Mapping | Cross-reference with ISO/IEC 42001 |
Quick start
If you are starting from scratch
- Read 01 - Govern
- Complete the Model Inventory Template
- Run through 02 - Map for your highest-risk AI system
- Use the Risk Assessment Template
If you have existing AI systems
- Start with the NIST AI RMF Gap Assessment Template
- Compare against the sample gap assessment
- Use 03 - Measure to evaluate current controls
- Prioritize gaps using the Risk Register Template
If you are preparing for compliance
- Review the EU AI Act Mapping
- Check the ISO 42001 Mapping
- Use the Governance Checklist
Related repositories
| Repository | What it adds |
|---|---|
| governance-playbook | Broader operating model |
| release-governance | Release lifecycle governance |
| release-checklist | Working release-readiness validator |
| regulated-ai | Starter template repo |
| ai-prism | Curated standards, tools, and papers |
License
MIT License. This guide is not affiliated with or endorsed by NIST.