A practitioner's implementation guide for the NIST AI Risk Management Framework (AI RMF 1.0).
Use this repository when you need help translating the NIST AI RMF itself into practical actions, templates, and implementation sequences.
Use a different repo when you need:
- the broader AI operating model: governance-playbook
- release-stage lifecycle governance: release-governance
- a working release-readiness validator: release-checklist
- a starter template repo: regulated-ai
This guide is maintained by a practitioner, not NIST. Always refer to the official NIST documentation for authoritative language.
| Section | What you will find |
|---|---|
| 01 - Govern | Policies, roles, accountability structures |
| 02 - Map | Risk categorization, context setting, stakeholder identification |
| 03 - Measure | Risk analysis methods, evaluation metrics, testing approaches |
| 04 - Manage | Risk response, prioritization, residual risk acceptance |
| Templates | Ready-to-use document templates |
| Examples | Industry-specific implementation examples |
| Tools | Scripts and utilities for automated governance checks |
| EU AI Act Mapping | Cross-reference between NIST AI RMF and EU AI Act |
| ISO 42001 Mapping | Cross-reference with ISO/IEC 42001 |
- Read 01 - Govern
- Complete the Model Inventory Template
- Run through 02 - Map for your highest-risk AI system
- Use the Risk Assessment Template
- Start with 02 - Map
- Use the Risk Assessment Template
- Use 03 - Measure to evaluate current controls
- Prioritize gaps using the Risk Register Template
- Review the EU AI Act Mapping
- Check the ISO 42001 Mapping
- Use the Governance Checklist
| Repository | What it adds |
|---|---|
| governance-playbook | Broader operating model |
| release-governance | Release lifecycle governance |
| release-checklist | Working release-readiness validator |
| regulated-ai | Starter template repo |
| ai-prism | Curated standards, tools, and papers |
MIT License. This guide is not affiliated with or endorsed by NIST.