The NIST AI Risk Management Framework (AI RMF 1.0) is the most widely referenced non-binding AI governance standard in the United States. It is voluntary. It is also, increasingly, the lingua franca that federal agencies, large customers, and auditors use when they ask a regulated firm, “How do you govern AI?”
I was inside the FDIC as federal agencies began to reckon with the draft framework in 2021. The firms that have succeeded with it since have not treated it as a standard to conform to; they have treated it as a diagnostic to run against themselves. And since July 2024, the picture has gotten more concrete: NIST’s Generative AI Profile (AI 600-1) extended the RMF with specific risks and controls for generative systems, which most regulated firms now have in production whether or not they have a governance program around them.
Most firms treat the AI RMF as a checklist. That is the wrong instinct. The framework is organized around four functions — Govern, Map, Measure, Manage — that are meant to interlock continuously, not be satisfied once. This piece translates each function into something an operating team can actually run.
Govern
Most firms under-build Govern. It is not a policy document; it is the organization’s ability to make and re-make decisions about AI in light of new risks. The minimum viable Govern capability is:
- A named senior accountable executive for AI risk — in banking, typically the Chief Risk Officer or a newly minted Chief AI Officer. Not a committee. The accountability expectations from the interagency Supervisory Guidance on Model Risk Management (SR 11-7) apply here directly; AI does not reset the clock on them.
- A documented risk appetite statement for AI that goes beyond “we will use AI responsibly.” It should say things like: “We will not deploy AI in Tier 1 credit decisions without human adjudication for the first 24 months of production,” or “We will not deploy generative AI in customer-facing channels without red-teamed jailbreak testing.”
- A working governance forum — monthly, with a consistent agenda — that reviews new AI proposals, performance of existing systems, and incidents.
Map
Mapping is where most firms find out they do not actually know what they have. The function requires understanding each AI system in context: data sources, downstream consumers, the human decisions it informs, the failure modes that matter, and the affected parties. A good Map artifact for a single system fits on two pages and is written in English, not in ML jargon. If a senior examiner cannot understand it, it is not a Map artifact yet. For generative systems specifically, AI 600-1 adds three things a good Map needs to address: provenance of training data, confabulation risk, and the human decisions downstream of model output that may have been silently delegated to the model.
Measure
Firms most often confuse technical metrics with risk metrics at this stage. Model accuracy, F1, ROC-AUC — these are necessary but not sufficient. The metrics that actually belong in a risk report are:
- Rate of model-assisted decisions that get overridden by a human, and why.
- Distribution of model outputs over time (drift).
- Incident count by severity over a trailing 90-day window.
- Time to detect and time to remediate when the model goes wrong.
All of these are observable. Most firms do not observe them.
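To make "observable" concrete, here is an added example (not code from the original post or from any framework document) that computes the four Measure-stage metrics above from two constructed log samples: a decision log with the model's recommendation beside the human adjudicator's final decision, and an incident register. The record layouts, field names, the as-of date, and the choice of the population stability index (PSI) as the drift statistic are all assumptions; a firm would substitute its own decision and incident feeds.

```python
"""Measure-stage risk metrics for a model-assisted decision system.

Added example, not code from the original post. It computes the four
metrics the post lists (human override rate with reasons, output drift,
trailing-90-day incident counts by severity, and mean time to detect /
mean time to remediate) from constructed log samples. Record layouts,
field names and the use of PSI as the drift statistic are assumptions.
"""
from bisect import bisect_right
from collections import Counter
from datetime import datetime, timedelta
import math

# Constructed sample: one row per model-assisted decision, with the model's
# recommendation, the adjudicator's final decision, and the model's score.
DECISIONS = [
    {"ts": "2025-01-03", "model": "approve", "final": "approve", "reason": None,          "score": 0.82},
    {"ts": "2025-01-05", "model": "approve", "final": "decline", "reason": "fraud_flag",  "score": 0.77},
    {"ts": "2025-01-09", "model": "decline", "final": "decline", "reason": None,          "score": 0.21},
    {"ts": "2025-02-02", "model": "decline", "final": "approve", "reason": "manual_docs", "score": 0.44},
    {"ts": "2025-02-14", "model": "approve", "final": "approve", "reason": None,          "score": 0.91},
    {"ts": "2025-03-01", "model": "approve", "final": "decline", "reason": "fraud_flag",  "score": 0.69},
    {"ts": "2025-03-10", "model": "decline", "final": "decline", "reason": None,          "score": 0.12},
    {"ts": "2025-03-20", "model": "approve", "final": "approve", "reason": None,          "score": 0.88},
]

# Constructed sample: score distribution recorded at model validation,
# used as the drift baseline.
BASELINE_SCORES = [0.1, 0.2, 0.3, 0.4, 0.6, 0.7, 0.8, 0.9]

# Constructed sample: incident register. "remediated": None means still open.
INCIDENTS = [
    {"id": "INC-1", "severity": "high",   "occurred": "2025-01-20T08:00", "detected": "2025-01-20T14:00", "remediated": "2025-01-21T08:00"},
    {"id": "INC-2", "severity": "low",    "occurred": "2025-03-02T09:00", "detected": "2025-03-02T09:30", "remediated": "2025-03-02T11:30"},
    {"id": "INC-3", "severity": "medium", "occurred": "2025-03-15T00:00", "detected": "2025-03-17T00:00", "remediated": "2025-03-18T12:00"},
    {"id": "INC-4", "severity": "high",   "occurred": "2025-03-28T10:00", "detected": "2025-03-28T10:15", "remediated": None},
]


def override_rate(decisions):
    """Fraction of decisions where a human overrode the model, and the reasons."""
    overrides = [d for d in decisions if d["final"] != d["model"]]
    reasons = Counter(d["reason"] for d in overrides)
    return len(overrides) / len(decisions), reasons


def _bin_proportions(scores, edges, eps=1e-4):
    """Histogram of scores over the bin edges, as proportions (eps avoids log(0))."""
    counts = [0] * (len(edges) - 1)
    for s in scores:
        idx = min(bisect_right(edges, s) - 1, len(counts) - 1)
        counts[max(idx, 0)] += 1
    return [max(c / len(scores), eps) for c in counts]


def psi(baseline, recent, edges=(0.0, 0.25, 0.5, 0.75, 1.0)):
    """Population stability index between two score samples.
    Common rule of thumb: < 0.1 stable, 0.1-0.25 moderate, > 0.25 significant."""
    b = _bin_proportions(baseline, edges)
    r = _bin_proportions(recent, edges)
    return sum((ri - bi) * math.log(ri / bi) for bi, ri in zip(b, r))


def drift_status(value):
    if value < 0.1:
        return "stable"
    return "moderate" if value <= 0.25 else "significant"


def _ts(s):
    return datetime.fromisoformat(s)


def incident_metrics(incidents, as_of, window_days=90):
    """Counts by severity, open incidents, MTTD and MTTR over the trailing window."""
    start = as_of - timedelta(days=window_days)
    recent = [i for i in incidents if start <= _ts(i["occurred"]) <= as_of]
    hours = lambda a, b: (_ts(b) - _ts(a)).total_seconds() / 3600
    ttd = [hours(i["occurred"], i["detected"]) for i in recent]
    ttr = [hours(i["detected"], i["remediated"]) for i in recent if i["remediated"]]
    return {
        "count_by_severity": dict(Counter(i["severity"] for i in recent)),
        "open": sum(1 for i in recent if not i["remediated"]),
        "mttd_hours": sum(ttd) / len(ttd) if ttd else None,
        "mttr_hours": sum(ttr) / len(ttr) if ttr else None,
    }


def risk_report(decisions=DECISIONS, baseline=BASELINE_SCORES,
                incidents=INCIDENTS, as_of=datetime(2025, 3, 31)):
    """The four metrics in one dict, ready for a quarterly risk report."""
    rate, reasons = override_rate(decisions)
    drift = psi(baseline, [d["score"] for d in decisions])
    return {"override_rate": rate, "override_reasons": dict(reasons),
            "psi": drift, "drift": drift_status(drift),
            **incident_metrics(incidents, as_of)}


if __name__ == "__main__":
    for key, value in risk_report().items():
        print(f"{key}: {value}")
```

Two design points worth noting. The override rate is only meaningful if the adjudicator's reason is captured at the moment of override, which is why the decision log carries a `reason` field rather than leaving it to be reconstructed later. And MTTR is computed only over remediated incidents while open incidents are reported separately, so an unresolved high-severity incident cannot quietly improve the average.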
Manage
This is where the framework meets the real world. Manage is incident response, model retirement, escalation, and — critically — the ability to turn the thing off. Every AI system in production should have a documented kill-switch procedure, an identified person who can execute it, and a rehearsed exercise of actually executing it. An AI system that has never been turned off in an exercise has not been Managed. This is a rule I apply to my own company’s production systems; I will not deploy an AI capability until I have confirmed I can revoke it.
The shortest possible RMF program that works
For a mid-sized regulated firm:
- One executive owner for AI risk.
- One monthly governance forum with a standing agenda.
- One Map artifact per Tier 1 or Tier 2 system.
- Four risk metrics reported quarterly: override rate, drift, complaints, incident MTTR.
- One documented and rehearsed kill-switch per Tier 1 system.
Those five artifacts, honestly maintained, cover most of what the NIST AI RMF asks for and nearly everything an examiner or customer audit cares about. The rest is refinement.
Virtova advises regulated enterprises on AI governance programs aligned to NIST AI RMF, the EU AI Act, and U.S. banking supervision. If you’re standing up or hardening an AI governance program, book a discovery call.