NIST Risk Management Framework: Explained for AI Systems


Key takeaways

  • The NIST Risk Management Framework (SP 800-37) is a seven-step process for managing security and privacy risk in information systems, built originally for US federal agencies under FISMA.
  • Its seven steps are Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor, run as a continuous lifecycle rather than a one-time audit.
  • The NIST RMF is not the same thing as the NIST AI Risk Management Framework (AI 100-1): one governs information-system security, the other governs AI-specific risk.
  • For AI systems, the classic RMF still anchors governance, categorization, and monitoring, while the AI RMF and the new SP 800-53 control overlays cover risks the cybersecurity RMF was never designed to catch.
  • Read together, the RMF, the AI RMF, ISO/IEC 42001, and EU AI Act Article 9 give regulated organizations one coherent way to manage AI risk across the lifecycle.

What is the NIST Risk Management Framework?

The NIST Risk Management Framework is the structured process US federal agencies use to identify, implement, assess, and monitor security and privacy controls across their information systems. It is defined in NIST Special Publication 800-37 Revision 2 and sits at the center of how agencies meet their obligations under the Federal Information Security Modernization Act (FISMA).

Two ideas make the framework what it is. First, it is a process, not a fixed checklist of controls. SP 800-37 describes how to reach risk-based decisions; the actual controls are drawn from a companion catalog, SP 800-53. Second, it is a lifecycle. Controls are selected, implemented, assessed, authorized, and then watched continuously, so an authorization to operate reflects current risk rather than a snapshot from an audit two years ago.

Though the framework was written for government, its logic travels well. Private-sector security and GRC teams adopt the RMF because it gives them a defensible, repeatable way to tie controls back to the actual impact a system failure would cause, and to document who accepted which risk and why.

NIST RMF vs the NIST AI RMF: clearing up the confusion

Because both carry the NIST name and both talk about risk, the NIST RMF and the NIST AI RMF are constantly mixed up. They are different frameworks with different scopes.

The NIST RMF (SP 800-37) manages the security and privacy of information systems: confidentiality, integrity, availability, and the controls that protect them. The NIST AI Risk Management Framework, published as NIST AI 100-1, manages the risks that are specific to artificial intelligence: data quality, model behavior, bias, explainability, and the broader socio-technical harms an AI system can cause even when its infrastructure is perfectly secure. A model can run on a fully hardened, SP 800-37-authorized platform and still discriminate, drift, or mislead. That gap is exactly why the AI RMF exists, and why teams governing AI need both lenses.

The seven steps of the NIST RMF

The current RMF has seven steps. Earlier versions described six, before the Prepare step was added in Revision 2 to put governance and context-setting up front.

  1. Prepare. Establish the organizational context: governance, roles, risk tolerance, and the boundaries of each system. Preparation makes sure stakeholders understand their responsibilities before any control is chosen.
  2. Categorize. Classify the system and the information it processes by potential impact, using the low, moderate, or high levels from FIPS 199. Categorization sets how much protection the system warrants.
  3. Select. Choose the appropriate controls from SP 800-53 based on the categorization, then tailor them to the system.
  4. Implement. Put the selected controls into operation and document how each one is deployed.
  5. Assess. Test the controls to confirm they are implemented correctly and working as intended, usually through an independent assessor.
  6. Authorize. A senior official reviews the residual risk and formally accepts it, granting an authorization to operate.
  7. Monitor. Track the controls, the system, and the threat environment on an ongoing basis, feeding changes back into the earlier steps.

The steps are often summarized by their core technical activities (Categorize, Select, Implement, Assess, Monitor), which is where the “five components” framing some teams still use comes from. The full seven-step model is the current and complete picture.

How the RMF applies to AI systems

An AI system is still an information system, so much of the RMF transfers directly. You still categorize it by impact, you still select and implement controls, and you still monitor it after deployment. For the governance scaffolding (clear ownership, documented risk acceptance, continuous oversight) the RMF is a strong fit and a familiar starting point for any security team.

The limits show up in what the RMF measures. Its controls were designed around traditional confidentiality, integrity, and availability concerns. They say little about whether training data is representative, whether a model’s accuracy degrades as the world shifts, whether outputs are explainable, or whether a system produces biased or harmful decisions. These are first-order risks for AI and largely invisible to a pure SP 800-37 review.

NIST is closing part of this gap with control overlays for AI built on SP 800-53, which supplement existing control baselines with AI-specific safeguards for predictive, generative, and agentic systems. Used alongside the RMF, the overlays let a team keep its established authorization workflow while adding the controls that AI actually demands. For most organizations, the practical answer is not to replace the RMF but to extend it, and to pair it with a framework written for AI risk from the ground up. AI Sigil’s guide on integrating the NIST AI RMF with ISO 42001 walks through what that pairing looks like in practice.

NIST RMF and NIST AI RMF: a crosswalk

The two frameworks are organized differently. The RMF is a sequence of seven steps. The AI RMF is built around four functions that run in parallel and continuously: Govern, Map, Measure, and Manage. Seeing how they line up helps a team that already runs the RMF understand where AI-specific work attaches.

| NIST RMF step (SP 800-37) | Closest AI RMF function (AI 100-1) | What it means for an AI system |
|---|---|---|
| Prepare | Govern | Set AI roles, policies, and risk tolerance; establish accountability before models are built. |
| Categorize | Map | Frame the AI system’s context, intended purpose, and potential harms, not just its data sensitivity. |
| Select / Implement | Manage | Choose and apply controls, including AI-specific overlays for bias, drift, and transparency. |
| Assess | Measure | Test the system with AI-appropriate metrics: accuracy, fairness, explainability, not only control compliance. |
| Authorize | Govern / Manage | Accept residual AI risk with an owner who understands the socio-technical stakes. |
| Monitor | Measure / Manage | Track model performance and emerging harms continuously, feeding results back into the cycle. |

The mapping is not one-to-one, and that is the point. Govern and Measure cut across the whole lifecycle in the AI RMF, where the RMF treats authorization and assessment as discrete steps. Treating the AI RMF’s four functions as a continuous layer over the RMF’s sequence gives you the structure of SP 800-37 with the AI-specific depth of AI 100-1. NIST also publishes a crosswalk mapping the AI RMF to ISO/IEC 42001, which is useful if your AI management system is built on the ISO standard.

Connecting the framework to the EU AI Act

For organizations in scope of the EU AI Act, the RMF and AI RMF are not just good practice; they help satisfy a legal obligation. Article 9 of the EU AI Act requires every provider of a high-risk AI system to establish, implement, document, and maintain a risk management system.

The wording maps closely to how NIST frames risk. Article 9 describes the risk management system as a continuous iterative process run across the entire lifecycle of the AI system, with regular systematic review and updating. Providers must identify known and reasonably foreseeable risks, including risks from reasonably foreseeable misuse, adopt targeted mitigation measures, draw on post-market monitoring data, and judge the residual risk acceptable. That is the RMF’s Monitor step and the AI RMF’s Manage and Measure functions, expressed as law.

An organization that already runs a mature RMF program has most of the operating model the Act expects: documented risk decisions, defined owners, and continuous monitoring. What it needs to add is the AI-specific risk identification and measurement the AI RMF supplies, plus the management-system discipline of ISO/IEC 42001. AI Sigil covers the legal detail in its guide to risk management in the EU AI Act, and the EU AI Act risk pyramid explains which systems carry the Article 9 obligation in the first place.

Extending your RMF program to AI systems

If your security team already operates the RMF, you do not need to start over for AI. A practical path looks like this.

  1. Inventory your AI systems and run each one through the Prepare and Categorize steps you already use, adding an AI-context framing (intended purpose, affected people, potential harms) drawn from the AI RMF’s Map function.
  2. Add AI controls to your selection, using the SP 800-53 AI overlays and the AI RMF’s Manage actions to cover bias, drift, data quality, and transparency.
  3. Broaden your assessment metrics so the Assess step measures fairness, accuracy, and explainability, not only control implementation.
  4. Extend monitoring to track model performance and emerging harms after deployment, which is also what EU AI Act post-market monitoring requires.
  5. Document everything in one management system, ideally aligned to ISO/IEC 42001, so a single source of truth covers security risk and AI risk together.

The goal is one governance program, not two parallel ones. Running AI risk through the process your organization already trusts is faster to adopt and easier to defend to an auditor or regulator. AI Sigil’s platform is built to manage exactly this: mapping controls across the NIST RMF, the AI RMF, ISO/IEC 42001, and the EU AI Act in a single governance workspace, and its guide to ISO/IEC 42001 shows how the management-system layer ties it together.

FAQ

What are the seven steps of the NIST risk management framework? The seven steps are Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor. Prepare sets governance and context, Categorize rates impact, Select and Implement put controls in place, Assess tests them, Authorize accepts the residual risk, and Monitor watches the system continuously. Earlier versions of SP 800-37 listed six steps before Prepare was added in Revision 2.

What are the components of risk management in NIST? The RMF’s core technical activities are Categorize, Select, Implement, Assess, and Monitor, which is where the “five components” framing comes from. The current model wraps these in two governance steps, Prepare at the start and Authorize before operation, for a full seven-step framework.

Is NIST 800-53 a risk management framework? No. SP 800-53 is the catalog of security and privacy controls. SP 800-37 is the risk management framework that tells you how to select, implement, and assess those controls. The two are designed to be used together: the RMF is the process, SP 800-53 is the control library it draws from.

Is the NIST RMF the same as the NIST AI RMF? No. The NIST RMF (SP 800-37) manages information-system security and privacy risk. The NIST AI RMF (AI 100-1) manages AI-specific risks such as bias, model drift, and explainability. They are complementary: most organizations governing AI use both, the RMF for the security baseline and the AI RMF for AI-specific risk.

Can the NIST RMF be used by private companies? Yes. The framework was created for federal agencies under FISMA, but its risk-based, lifecycle approach applies to any organization. Private-sector teams use it to tie controls to business impact, document risk acceptance, and maintain continuous oversight, often alongside standards like ISO/IEC 42001.

Does the NIST RMF help with EU AI Act compliance? It helps significantly. EU AI Act Article 9 requires a continuous, lifecycle risk management system for high-risk AI, which mirrors the RMF’s Monitor step and the AI RMF’s Manage and Measure functions. An RMF program supplies the operating model; the AI RMF and ISO/IEC 42001 add the AI-specific and management-system layers the Act expects.

Conclusion

The NIST Risk Management Framework remains one of the clearest ways to run security risk as a disciplined, documented lifecycle. For AI, it is necessary but not sufficient. The framework gives you the governance scaffold and the authorization workflow; the NIST AI RMF, the SP 800-53 AI overlays, ISO/IEC 42001, and EU AI Act Article 9 fill in the AI-specific risk it cannot see on its own. Treat them as one connected system rather than four separate obligations, and AI risk becomes something your existing program can absorb. If you want to manage all four in one place, see how AI Sigil maps them together.
