United States · Voluntary framework
NIST AI RMF, trustworthy
The United States' reference framework for trustworthy AI. Voluntary by law, increasingly mandatory in practice — enterprise buyers and federal agencies expect it.
- Status
- Published — v1.0 + Generative AI profile
- Structure
- 4 functions: Govern, Map, Measure, Manage
- Legal force
- Voluntary — de facto US baseline
- Controls in Unorma
- 72
What it is
The NIST AI Risk Management Framework, in plain language.
The NIST AI Risk Management Framework organizes trustworthy AI around four functions — Govern, Map, Measure and Manage — and seven characteristics, from validity and reliability to fairness and accountability. It is the deepest of the major frameworks: 72 controls in Unorma's implementation.
There are no NIST fines. There are lost deals instead: US enterprise procurement, federal contractors and insurers increasingly ask for AI RMF alignment. Adopting it early is the cheapest trust signal available in the US market — and it maps cleanly onto the EU AI Act and ISO 42001 work you may already be doing.
Who it applies to
US-market AI vendors
Selling AI into US enterprises or government? AI RMF alignment is turning up in RFPs and vendor security reviews.
Enterprises deploying AI
The framework gives your governance committee a defensible, recognized structure for AI risk decisions.
Global companies
Pairing NIST with the EU AI Act covers both sides of the Atlantic — and Unorma maps the overlap automatically.
Requirements
What NIST AI RMF actually asks of you.
72 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.
Govern
Policies, accountability structures and a risk culture that spans the AI portfolio.
Map
Context, capabilities, and impacts of each system — categorized and documented.
Measure
Quantitative and qualitative assessment of trustworthiness characteristics and risks.
Manage
Prioritizing, responding to and monitoring risks over the full lifecycle.
Trustworthiness characteristics
Valid & reliable, safe, secure, accountable, explainable, privacy-enhanced, fair.
Generative AI profile
Specific guidance for the risks unique to generative systems.
NIST AI RMF in Unorma
From regulation text to audit-ready, in one platform.
Maturity assessment 1–5
Each AI system gets a NIST maturity level with a clear path to the next one — not just a pass/fail checkbox.
Six NIST document templates
AI RMF Playbooks, Impact Assessments, Risk Registers and Monitoring Plans, generated from your actual system data.
Cross-framework credit
Evidence uploaded for the EU AI Act or ISO 42001 is automatically suggested against matching NIST controls — ~100 mappings built in.
Gap analysis with guidance
All 72 controls with plain-language explanations, action steps and evidence requirements per control.
Track NIST AI RMF readiness from day one.
14-day free trial · No credit card · All 72 controls included
Cross-framework intelligence
Evidence for NIST AI RMF counts elsewhere too.
~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.