
Turning the NIST AI Risk Management Framework Into a Working System
How we adapt the AI RMF's four functions into a custom, auditable risk framework that matches how your team actually uses AI.
The NIST AI Risk Management Framework gives you four functions to work through. They are Govern, Map, Measure, and Manage. Turning it into something real means mapping each function to how your specific team uses AI, then producing the artifacts an auditor can actually read. A copied policy fails because it describes a generic organization that does not exist. Yours has to describe yours.
We build AI RMF-aligned risk frameworks for organizations that need governance to hold up under HIPAA, HITRUST, SOC 2, or PCI DSS scrutiny. We make the framework do work instead of letting it sit in a binder.
The four functions, briefly
The AI RMF is intentionally not a checklist. It is a structure for thinking about AI risk across the life of a system.
- Govern establishes the culture, roles, and accountability that the other three functions depend on. It is the only function that runs continuously across all the others.
- Map builds context. What is this AI system for, who does it affect, what could go wrong, and what is the impact if it does.
- Measure assesses the risks you mapped using methods you can repeat. It turns "this feels risky" into evidence.
- Manage acts on what you measured, prioritizing and treating risks, and deciding what to accept.
The functions are not strictly sequential. Govern wraps the whole thing, and you cycle through Map, Measure, and Manage as systems change.
Why a copied policy fails
We regularly review governance documents that were lifted from a template or another company. They share the same problem. They describe controls for AI uses the organization does not have, and they miss the uses it actually relies on.
A copied policy talks about model training pipelines when your team only calls hosted models through an API. It mandates bias testing for a recommendation engine you do not run. Meanwhile the marketing team is pasting customer data into a public chatbot every afternoon, and the policy says nothing about it because the template author never imagined your workflow.
An auditor sees through this immediately. The tell is a policy that does not match the evidence. When the document claims you review every model output and the logs show no such review, the gap becomes the finding. A framework only protects you when it describes what you really do and you can prove you do it.
Map controls to how your team actually uses AI
The Map function is where a custom framework earns its keep. Before writing a single control, we inventory the real AI usage across the organization.
That inventory usually surfaces three categories.
- Sanctioned and built. Systems you designed, like a clinical summarization tool or an internal agent.
- Sanctioned but bought. Hosted models and AI features inside SaaS products your teams already pay for.
- Unsanctioned and present. The public chatbots and browser extensions staff use without approval. This category is almost always larger than leadership expects, and it carries the most concentrated risk.
Once the inventory is honest, we attach controls to each use case rather than to abstract categories. The control for an internal agent that touches patient records looks nothing like the control for a marketing assistant drafting blog copy. Same framework, different intensity, matched to actual impact.
A good risk register entry ties a real use case to real controls and a named owner. A clinical note summarization tool makes the shape concrete. It runs in an isolated cloud tenant, handles protected health information, and gets one row that captures the same seven things every entry captures.
| Field | Clinical note summarization example |
|---|---|
| Use case | Summarizes clinical notes for clinicians |
| Where it runs and data sensitivity | Isolated cloud tenant, handles protected health information |
| Risks mapped | PHI leaking through a prompt, and an inaccurate summary affecting care |
| How each risk is measured | Monthly sample of summaries reviewed by clinicians |
| Controls in place | Vendor retention disabled, every output flagged for human confirmation, access logged on each request |
| Accountable owner | Director of Clinical Informatics |
| Review cadence | Quarterly |
Measure with methods you can repeat
The Measure function asks for evidence, and evidence has to be repeatable. A check you run once and never repeat is reassurance dressed up as measurement.
For each mapped risk we define how it gets measured and how often. For an accuracy risk, that might be a monthly sample of model outputs reviewed by a qualified human, with the error rate recorded. For a data leakage risk, it might be an automated scan of outbound traffic and a periodic review of what the model received. The method matters less than its consistency. Auditors trust a modest measurement you run every month more than an elaborate one you ran once.
Manage means deciding, on the record
The Manage function is where you make risk decisions and write them down. Not every risk gets eliminated. Some you accept because the cost of treating them exceeds the harm, and that decision is legitimate as long as someone with authority makes it and signs it.
We help organizations record three things for every significant risk. They record the treatment chosen, the residual risk that remains after treatment, and the name of the person who accepted it. That last item is what separates a governed organization from one that merely hopes nothing goes wrong.
What an auditor wants to see
When an assessor reviews your AI governance, they are checking that the framework is real and lived in, not written and shelved. The artifacts that demonstrate this are consistent across frameworks.
- A current AI system inventory that matches what is actually running.
- A risk register tying each use case to mapped risks, controls, and an owner.
- Evidence the measurements happened, with dates and results, rather than a plan to measure.
- Records of risk acceptance decisions with the accountable signature.
- Logs showing the controls operate, such as access records and human review confirmations.
- A revision history proving the framework changes as your AI usage changes.
The common thread is traceability. An auditor should be able to start at any control and follow it to the risk it addresses, the use case it protects, and the evidence it works.
Working with us
We build AI RMF-aligned risk frameworks that match how your organization actually uses AI, then help you produce the artifacts that hold up under audit. If your current policy reads like it could belong to anyone, that is a sign it belongs to no one. Reach out and we will help you build one that is genuinely yours.
Published Jun 4, 2026 · 6 min read