Trustgent
Regulatory readiness · United States (NIST voluntary framework)

NIST AI RMF, US procurement expectations

The NIST AI RMF is voluntary but widely referenced in US federal and enterprise procurement. Here is what it asks of a provider and how to verify it.

Trustgent Research DeskPublished Updated Methodology
Editorial guidance, not legal advice. For advice specific to your situation, consult a qualified legal practitioner.

The NIST AI Risk Management Framework (AI RMF 1.0) was published by the United States National Institute of Standards and Technology on 26 January 2023, followed by the Generative AI Profile (NIST AI 600-1) on 26 July 2024. The framework is voluntary, developed under the National Artificial Intelligence Initiative Act of 2020, but it has become the reference many United States federal agencies, prime contractors, and enterprise buyers use to structure their AI-procurement due diligence. A provider that can articulate its work against the AI RMF's four core functions is generally further along on process discipline than one that cannot.

What the AI RMF is and how it is structured

The AI RMF is a companion resource to help organisations manage risks associated with AI systems throughout the lifecycle, from design through deployment and retirement. It is not law and not certifiable. NIST does not audit organisations against it and no accredited certification scheme exists. It is a common vocabulary and a set of desired outcomes that buyers and providers can use to structure their conversation about risk.

The framework's core is organised around four functions. GOVERN establishes and maintains the organisational culture and structures needed to manage AI risk. MAP identifies the context and impacts of a specific AI system. MEASURE analyses and tracks risks over time. MANAGE prioritises risks and implements responses. Each function is decomposed into categories and subcategories, and the companion NIST AI RMF Playbook offers concrete actions organisations can take under each subcategory.

The Generative AI Profile (NIST AI 600-1) applies the four functions specifically to generative AI systems, calling out risks such as data privacy leakage from training corpora, hallucination and confabulation, human-AI configuration failures, information security weaknesses in model supply chains, and intellectual property concerns. It is the reference profile for any procurement involving foundation-model-based systems.

The framework has been widely adopted as a de facto procurement baseline in the United States: many federal agencies reference it in vendor solicitations, prime contractors ask subcontractors to demonstrate alignment with it, and several state-level AI policy frameworks (Texas, California, Colorado, Virginia) refer to it as a benchmark for responsible AI practice.

What it means for buyers commissioning AI builds

The AI RMF gives buyers a structured way to ask about a provider's risk-management practice without demanding a certification the provider cannot obtain. A provider whose delivery process is aligned with the framework can talk concretely about the governance structures they operate (GOVERN), the risk mapping they perform for each engagement (MAP), the measurement methodology they use (MEASURE), and how they manage identified risks through mitigation, monitoring, or acceptance (MANAGE).

A provider unfamiliar with the framework's vocabulary is not automatically disqualified, particularly for smaller engagements, but for United States federal work, regulated-sector procurement, or generative-AI systems with meaningful decision-impact, familiarity with the AI RMF is now a baseline expectation, not a differentiator.

Note that the AI RMF is a framework, not a rule set. Compliance is meaningful only insofar as the provider has actually produced the artefacts the framework describes: governance documents, risk-mapping records for each engagement, measurement plans, and risk-management records. A provider who cites the framework but cannot produce those artefacts has read the document, not implemented it.

Questions that separate framework adoption from framework citation

The gap between citing the AI RMF and operating against it is wide. A provider who works with the framework can walk through the categories under each function, describe how those categories apply to a specific project, and produce records that demonstrate the practice is operating. A provider who has read the executive summary can only cite the four functions. The questions below draw out the difference.

How Trustgent's verification relates

Trustgent's provider profiles include a NIST AI RMF readiness attribute. At L2 cross-reference level and above, that attribute is checked against evidence the provider does not directly control: case studies that reference specific RMF subcategories, procurement documentation, or third-party publications describing how the provider implements the framework. We do not audit against the framework (there is no accredited audit scheme) but we do distinguish, in the index, between a citation and a corroborated implementation.

Procurement checklist

Before treating a provider's stated NIST AI RMF alignment as procurement evidence, confirm:

  1. Governance artefacts under GOVERN

    Ask to see the provider's AI governance documentation: the AI policy, the roles and responsibilities under the AI programme, the risk-tolerance statements. GOVERN is the foundation function; a provider without governance documents has no AIMS to layer the other three functions onto.

  2. MAP records for a comparable engagement

    Ask for a redacted example of the risk mapping the provider produced for an engagement comparable to yours. The MAP function requires the provider to identify system context, categorise risks, and document tradeoffs. The specificity of the example indicates whether the framework is operating.

  3. MEASURE methodology

    Ask how the provider measures the risks they identified in the MAP step. Which evaluation methods, on which data, with what acceptance thresholds. A provider serious about MEASURE has answers specific to system type and risk category, not generic ones.

  4. Application of the Generative AI Profile

    For any engagement involving generative AI or foundation models, ask specifically how the provider applies the NIST AI 600-1 Generative AI Profile. That profile calls out risks such as confabulation, data leakage from training data, and human-AI configuration failures that generic AI risk work does not cover.

  5. Records of framework operation over time

    The framework is not a one-shot exercise. Ask the provider to describe how they review and update their AI RMF alignment: cadence, ownership, and how findings from one engagement feed back into governance. Continuous improvement is the difference between a live framework and a document on a shelf.

How Trustgent's verification relates

Trustgent's verification model treats the AI RMF as a process signal, not as a certified attribute. There is no accredited scheme for the framework; there is no auditor issuing valid certificates. At L2 and above, a claimed NIST AI RMF attribute is checked against corroborating evidence outside the provider's marketing. We surface the difference between claimed alignment and evidenced alignment; we do not attest to compliance.

Buyer questions

What is the NIST AI RMF?
The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary framework published by the United States National Institute of Standards and Technology in January 2023. It provides a structured approach to identifying, assessing, and managing risks associated with AI systems across their lifecycle. It is not law and not certifiable.
What are the four core functions of the AI RMF?
GOVERN (establishing the organisational culture and structures needed to manage AI risk), MAP (identifying the context and impacts of specific AI systems), MEASURE (analysing and tracking risks over time), and MANAGE (prioritising risks and implementing responses). Each is decomposed into categories with concrete actions in the companion Playbook.
What is the Generative AI Profile?
NIST AI 600-1, published in July 2024, is a companion profile that applies the AI RMF functions to generative AI systems. It calls out risks specific to foundation-model-based systems, including confabulation, data leakage from training corpora, and human-AI configuration failures.
Is NIST AI RMF alignment required by law?
No. The framework is voluntary. It has, however, been widely adopted as a de facto procurement baseline: many United States federal agencies reference it in solicitations, prime contractors expect subcontractors to align with it, and several state-level AI policy frameworks refer to it as a benchmark.
Can a provider be certified against the NIST AI RMF?
No. There is no accredited certification scheme for the framework. A provider can state that its practice is aligned with the framework, but that claim is only meaningful if it is backed by the artefacts the framework describes: governance documents, risk-mapping records for engagements, measurement plans, and risk-management records.
How does the AI RMF relate to the EU AI Act?
They are complementary but distinct. The AI RMF is a voluntary risk-management framework; the EU AI Act is binding legislation with defined risk tiers and obligations. A provider working with the AI RMF has a structured way to work through EU AI Act obligations for European engagements, but AI RMF alignment does not substitute for meeting the specific requirements of the Act.

Editorial guidance, not legal advice. Trustgent is a verified reference index, not a legal adviser. Consult a qualified practitioner for advice specific to your circumstances. Official source: NIST AI Risk Management Framework (nist.gov).