The NIST AI Risk Management Framework (AI RMF 1.0) is the most widely referenced non-binding AI governance standard in the United States. It’s voluntary. It’s also, more and more, the shared vocabulary federal agencies, large customers, and auditors use when they ask a regulated firm how it governs AI.
I was inside the FDIC as federal agencies began to reckon with the draft framework in 2021. The firms that have succeeded with it since then haven’t treated it as a standard to conform to. They’ve treated it as a diagnostic to run against themselves. And since July 2024, the picture has gotten more concrete: NIST’s Generative AI Profile (AI 600-1) extended the RMF with specific risks and controls for generative systems, which most of the banks I work with now have in production whether or not there’s a governance program around them.
A lot of firms treat the AI RMF as a checklist, which I think is the wrong starting move. The framework is organized around four functions — Govern, Map, Measure, and Manage — that are meant to interlock continuously rather than be satisfied once. What follows is a translation of each function into something an operating team can run.
Govern
In almost every engagement I run, Govern is the thinnest of the four, partly because people confuse it with writing a policy document. What the framework calls for is closer to a working muscle: the organization’s ability to make and remake decisions about AI as new risks surface. The minimum viable version:
- A named senior accountable executive for AI risk. In banking this is usually the Chief Risk Officer or a newly-minted Chief AI Officer. Not a committee. The accountability expectations from the interagency Supervisory Guidance on Model Risk Management (SR 11-7) apply here directly; AI doesn’t reset the clock on them.
- A documented risk appetite statement that goes beyond “we will use AI responsibly.” It should say specific things, like: we won’t deploy AI in Tier 1 credit decisions without human adjudication for the first 24 months of production.
- A working governance forum that runs monthly, has a standing agenda, and reviews new AI proposals, performance of existing systems, and incidents.
Map
Mapping is where a lot of firms discover they don’t really know what they have. The function asks you to understand each AI system in context: data sources, downstream consumers, the human decisions it informs, the failure modes that matter, and the affected parties. A good Map artifact for a single system fits on two pages and is written in plain English. If a senior examiner can’t follow it, you don’t have a Map yet.
For generative systems, AI 600-1 pushes the Map to cover training-data provenance, confabulation risk, and whatever downstream decisions the model is quietly making on somebody’s behalf.
Measure
At Measure, a lot of firms bring model-quality metrics (accuracy, F1, ROC-AUC) to what should be a risk conversation. Nothing wrong with the metrics themselves; they just don’t answer the question the board is asking. The metrics that belong in a risk report are:
- Rate of model-assisted decisions that get overridden by a human, and why.
- Distribution of model outputs over time (drift).
- Incident count by severity over a trailing 90-day window.
- Time to detect and time to remediate when the model goes wrong.
All four are observable, and at most firms I’ve seen nobody is watching them.
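The four metrics above are cheap to compute once override decisions and incident records are being logged. The following is an added example (not code from the original post) that computes all four from constructed sample records: override rate with the reasons behind it, drift measured as a population stability index between a baseline and the latest production scores (PSI is one common drift statistic; choosing it here is an assumption, not something the post prescribes), incident counts by severity over a trailing 90-day window, and mean time to detect and to remediate. Remediation time is measured from detection to resolution, which is also a choice made here. All decisions, scores and incidents below are constructed.

```python
"""Four AI-risk metrics computed from constructed sample records.

Added example, not from the original post. Every record below is constructed
for illustration; the PSI bin edges and the 90-day window are assumptions.
"""
from collections import Counter
from datetime import datetime, timedelta
import math

# --- constructed sample data --------------------------------------------
# Each decision records what the model recommended and what a human finally
# decided; a differing "final" value is an override.
DECISIONS = [
    {"model": "approve", "final": "approve", "reason": None},
    {"model": "decline", "final": "approve", "reason": "analyst judgement"},
    {"model": "approve", "final": "approve", "reason": None},
    {"model": "approve", "final": "decline", "reason": "policy exception"},
    {"model": "decline", "final": "decline", "reason": None},
    {"model": "approve", "final": "approve", "reason": None},
    {"model": "decline", "final": "approve", "reason": "analyst judgement"},
    {"model": "approve", "final": "approve", "reason": None},
    {"model": "decline", "final": "decline", "reason": None},
    {"model": "approve", "final": "approve", "reason": None},
]

# Model scores from the validation baseline vs. the latest production month.
REFERENCE_SCORES = [0.10, 0.20, 0.30, 0.35, 0.40, 0.45, 0.60, 0.70, 0.80, 0.90]
CURRENT_SCORES = [0.20, 0.30, 0.45, 0.55, 0.60, 0.70, 0.75, 0.80, 0.85, 0.95]

# Constructed incidents; the May one falls outside the trailing 90-day window.
INCIDENTS = [
    {"severity": "high", "occurred": datetime(2024, 7, 10, 8),
     "detected": datetime(2024, 7, 10, 14), "resolved": datetime(2024, 7, 11, 14)},
    {"severity": "medium", "occurred": datetime(2024, 8, 1, 9),
     "detected": datetime(2024, 8, 1, 11), "resolved": datetime(2024, 8, 1, 15)},
    {"severity": "high", "occurred": datetime(2024, 9, 15, 0),
     "detected": datetime(2024, 9, 15, 12), "resolved": datetime(2024, 9, 16, 12)},
    {"severity": "low", "occurred": datetime(2024, 5, 1, 0),
     "detected": datetime(2024, 5, 1, 1), "resolved": datetime(2024, 5, 1, 3)},
]
AS_OF = datetime(2024, 9, 30)


def override_rate(decisions):
    """Share of model-assisted decisions a human changed, and why."""
    overrides = [d for d in decisions if d["final"] != d["model"]]
    reasons = Counter(d["reason"] or "unrecorded" for d in overrides)
    return len(overrides) / len(decisions), reasons


def psi(reference, current, edges=(0.0, 0.5, 1.0), eps=1e-6):
    """Population stability index between two score distributions.

    Scores are bucketed by the given edges (last bucket closed on the right);
    empty buckets are floored at eps so the log term stays defined.
    """
    def shares(scores):
        counts = [0] * (len(edges) - 1)
        for s in scores:
            for i in range(len(edges) - 1):
                last = i == len(edges) - 2
                if edges[i] <= s < edges[i + 1] or (last and s == edges[i + 1]):
                    counts[i] += 1
                    break
        return [max(c / len(scores), eps) for c in counts]

    ref, cur = shares(reference), shares(current)
    return sum((c - r) * math.log(c / r) for r, c in zip(ref, cur))


def in_window(incidents, as_of, window_days=90):
    """Incidents that occurred within the trailing window ending at as_of."""
    start = as_of - timedelta(days=window_days)
    return [i for i in incidents if start <= i["occurred"] <= as_of]


def incident_counts(incidents, as_of, window_days=90):
    """Incident count by severity over the trailing window."""
    return Counter(i["severity"] for i in in_window(incidents, as_of, window_days))


def detect_remediate_hours(incidents, as_of, window_days=90):
    """Mean hours from occurrence to detection, and from detection to resolution."""
    recent = in_window(incidents, as_of, window_days)
    if not recent:
        return {"mean_ttd_hours": None, "mean_ttr_hours": None}
    ttd = [(i["detected"] - i["occurred"]).total_seconds() / 3600 for i in recent]
    ttr = [(i["resolved"] - i["detected"]).total_seconds() / 3600 for i in recent]
    return {"mean_ttd_hours": sum(ttd) / len(ttd), "mean_ttr_hours": sum(ttr) / len(ttr)}


def risk_report(decisions, reference, current, incidents, as_of):
    """Assemble the four board-level metrics into one report dict."""
    rate, reasons = override_rate(decisions)
    report = {
        "override_rate": rate,
        "override_reasons": dict(reasons),
        "psi": psi(reference, current),
        "incidents_90d": dict(incident_counts(incidents, as_of)),
    }
    report.update(detect_remediate_hours(incidents, as_of))
    return report


if __name__ == "__main__":
    for key, value in risk_report(DECISIONS, REFERENCE_SCORES, CURRENT_SCORES,
                                  INCIDENTS, AS_OF).items():
        print(f"{key}: {value}")
```

The override reasons matter as much as the rate: a rising override rate with "analyst judgement" as the dominant reason is a different conversation from one driven by "policy exception". For PSI, a common rule of thumb treats values above roughly 0.25 as material drift, but the threshold that belongs in the risk appetite statement is the firm's own, not this example's.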
Manage
Manage is where the framework meets the real world: incident response, model retirement, escalation, and the ability to turn the thing off when it goes wrong. Every production AI system needs a documented kill-switch, a named person who can throw it, and at least one real rehearsal of doing so. Systems that have never been turned off on purpose haven’t really been managed yet; they’ve just been monitored.
I hold Frontier Foundry to the same rule — I won’t ship an AI capability until I’ve confirmed I can pull it.
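One way to make the three Manage requirements enforceable in code rather than on paper: a gate in front of the model that only the named owner can throw, that keeps an audit trail of every throw and restore, and that refuses to serve at all unless a real rehearsal (an actual throw and restore) is on record within a set age. This is an added example, not code from the original post or from Frontier Foundry; the system name, the owner id and the 180-day rehearsal limit are assumptions for illustration.

```python
"""Fail-closed kill switch with a named owner and rehearsal evidence.

Added example, not from the original post. The system name, owner id and the
180-day rehearsal-age limit are assumptions; timestamps are ISO-8601 strings.
"""
from datetime import datetime, timedelta


class KillSwitch:
    """Gate in front of one AI capability; only the named owner may throw it."""

    def __init__(self, system, owner, max_rehearsal_age_days=180):
        self.system = system
        self.owner = owner
        self.max_age = timedelta(days=max_rehearsal_age_days)
        self.enabled = True
        self.events = []  # audit trail of (when, actor, action, note)

    def _record(self, when, actor, action, note):
        self.events.append((datetime.fromisoformat(when), actor, action, note))

    def _require_owner(self, actor):
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the named owner ({self.owner})")

    def throw(self, actor, when, note="manual"):
        """Disable the capability; the throw itself is logged with its reason."""
        self._require_owner(actor)
        self.enabled = False
        self._record(when, actor, "throw", note)

    def restore(self, actor, when, note="manual"):
        self._require_owner(actor)
        self.enabled = True
        self._record(when, actor, "restore", note)

    def rehearse(self, actor, when):
        """A real rehearsal: actually throw the switch, then restore it."""
        self.throw(actor, when, note="rehearsal")
        self.restore(actor, when, note="rehearsal")

    def last_rehearsal(self):
        times = [t for t, _, action, note in self.events
                 if action == "throw" and note == "rehearsal"]
        return max(times) if times else None

    def ready_for_production(self, now):
        """True only if a rehearsal is on record within the allowed age."""
        last = self.last_rehearsal()
        return last is not None and datetime.fromisoformat(now) - last <= self.max_age


def serve(switch, model_fn, request, now):
    """Fail closed: refuse unless the switch is rehearsed and currently enabled."""
    if not switch.ready_for_production(now):
        return {"status": "blocked", "reason": "kill-switch not rehearsed within limit"}
    if not switch.enabled:
        return {"status": "blocked", "reason": f"capability disabled by {switch.owner}"}
    return {"status": "ok", "result": model_fn(request)}


if __name__ == "__main__":
    ks = KillSwitch("credit-assist", "risk-owner")          # assumed names
    model = lambda req: "approve"                            # stand-in for the model
    print(serve(ks, model, {}, "2024-06-01"))                # blocked: never rehearsed
    ks.rehearse("risk-owner", "2024-03-01")
    print(serve(ks, model, {}, "2024-06-01"))                # ok
    ks.throw("risk-owner", "2024-06-02", note="drift incident")
    print(serve(ks, model, {}, "2024-06-03"))                # blocked: switch thrown
```

The point of failing closed on a stale rehearsal is that it converts "we have a kill switch" from a claim into something the system itself checks; an examiner can then be shown the event log rather than a policy page.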
The shortest possible RMF program that works
For a mid-sized regulated firm, the minimum I’d defend in front of an examiner is: one executive owner for AI risk, a monthly governance forum with a standing agenda, a two-page Map artifact for every Tier 1 or Tier 2 system, four risk metrics reported quarterly (override rate, drift, complaints, incident MTTR), and one rehearsed kill-switch per Tier 1 system.
Do those things honestly and you’ve covered most of what the NIST AI RMF asks for, plus most of what an examiner or a customer audit will probe in the first afternoon. Past that, the returns fall off fast.
Virtova advises regulated enterprises on AI governance programs aligned to NIST AI RMF, the EU AI Act, and U.S. banking supervision. If you’re standing up or hardening an AI governance program, book a discovery call.