NIST AI RMF Implementation Guide: From Framework to Evidence in 90 Days
In This Article
- 1. Why NIST AI RMF Is the Foundation of Your Compliance Program
- 2. Function 1: GOVERN — Organizational AI Governance (Days 1–30)
- 3. Function 2: MAP — AI System Context and Risk Identification (Days 15–50)
- 4. Function 3: MEASURE — Quantifying and Monitoring AI Risk (Days 40–75)
- 5. Function 4: MANAGE — Response, Remediation, and Continuous Improvement (Days 60–90)
- Q. Frequently Asked Questions
Why NIST AI RMF Is the Foundation of Your Compliance Program
The NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0), published in January 2023, is the single most important document in American AI compliance. Colorado SB 24-205 § 6-1-1706 explicitly names it as a framework that triggers the rebuttable presumption of compliance — meaning organizations that can demonstrate adherence to NIST AI RMF shift the burden of proof to the Attorney General in any enforcement action.
Texas TRAIGA (HB 1709) references NIST AI RMF as a recognized framework. The EU AI Act's conformity assessment process aligns with NIST AI RMF's risk-based approach. ISO/IEC 42001:2023 was designed to be complementary. If you can implement only one framework well, NIST AI RMF gives you the most leverage across jurisdictions.
But "adherence" is not the same as "awareness." Reading the framework is not implementing it. Implementing it means producing documented evidence for each function, category, and subcategory — evidence that would survive an AG investigation or a third-party audit. This guide translates the abstract framework into a concrete 90-day implementation plan with specific deliverables at each stage.
Related: The 4 functions of NIST AI RMF explained · NIST AI RMF mapping to SB 24-205 · Building an AI risk management program in 90 days
Function 1: GOVERN — Organizational AI Governance (Days 1–30)
The Govern function establishes the organizational structures, policies, and accountability mechanisms that underpin your entire AI risk management program. It's the foundation — without it, the other three functions lack institutional support and authority.
GV-1: Policies and Procedures
Deliverable: A published AI risk management policy that addresses SB 24-205 § 6-1-1702 requirements. This policy must describe: the types of high-risk AI systems your organization deploys, how AI-related risks are identified and assessed, governance structure and decision-making authority, processes for ongoing monitoring, and procedures for incident response and AG notification.
Evidence artifacts: Policy document (dated, version-controlled), board/executive approval records, publication records (website URL, internal communications).
GV-2: Accountability Structure
Deliverable: Defined roles and responsibilities for AI governance. Designate an AI Governance Officer (or equivalent). Establish an AI Risk Committee with cross-functional representation (legal, engineering, compliance, business). Define escalation paths for AI incidents.
Evidence artifacts: Organizational chart with AI governance roles, committee charter, meeting minutes from initial convening.
GV-3: Workforce Competency
Deliverable: Training program for staff who deploy, manage, or oversee AI systems. Training must cover: SB 24-205 obligations, bias recognition, incident reporting procedures, and the organization's AI risk management policy.
Evidence artifacts: Training materials, attendance records, competency assessments, annual training calendar.
GV-4: Organizational Culture
Deliverable: Evidence that AI risk management is embedded in organizational culture, not just policy. This includes documented leadership commitments, resource allocation for compliance, and channels for employees to raise AI-related concerns.
Evidence artifacts: Executive communications, budget allocations, anonymous reporting mechanism documentation.
Function 2: MAP — AI System Context and Risk Identification (Days 15–50)
The Map function identifies and documents the context in which each AI system operates, the risks it presents, and the stakeholders it affects. This function directly feeds your SB 24-205 impact assessments (§ 6-1-1703).
MP-1: AI System Inventory
Deliverable: A comprehensive inventory of every AI system in your organization, categorized by risk level. For each system, document: name and vendor, purpose and intended use, data inputs and outputs, categories of affected consumers, deployment date, and responsible business owner.
Evidence artifacts: AI system register (structured database or spreadsheet with versioning), risk classification methodology document, classification rationale for each system.
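To make the register concrete, here is one way an inventory entry could be structured in code. This is a minimal sketch: the field names, risk tiers, and the example system below are illustrative choices, not terminology prescribed by NIST or the statute.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum


class RiskLevel(Enum):
    HIGH = "high"        # makes or is a substantial factor in consequential decisions
    LIMITED = "limited"
    MINIMAL = "minimal"


@dataclass
class AISystemRecord:
    """One entry in the AI system register (illustrative schema)."""
    system_name: str
    vendor: str
    purpose: str                             # intended use, in plain language
    data_inputs: list[str]                   # e.g. ["resume text", "assessment scores"]
    data_outputs: list[str]                  # e.g. ["interview recommendation"]
    affected_consumer_categories: list[str]
    deployment_date: date
    business_owner: str                      # an accountable individual, not a team
    risk_level: RiskLevel
    classification_rationale: str            # why this risk tier was assigned


# Hypothetical example entry
record = AISystemRecord(
    system_name="ResumeRanker",
    vendor="Acme HR Tech",
    purpose="Rank applicants for interview selection",
    data_inputs=["resume text", "screening questionnaire"],
    data_outputs=["interview recommendation score"],
    affected_consumer_categories=["Colorado job applicants"],
    deployment_date=date(2025, 3, 1),
    business_owner="Head of Talent Acquisition",
    risk_level=RiskLevel.HIGH,
    classification_rationale="Substantial factor in employment decisions",
)
```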
MP-2: Risk Context Documentation
Deliverable: For each high-risk AI system, a contextual analysis documenting: the consequential decision domain (employment, credit, insurance, healthcare, etc.), the specific population of affected Colorado consumers, the potential for disparate impact on protected classes, and the interaction between AI outputs and human decision-making.
Evidence artifacts: Context analysis documents for each high-risk system, stakeholder identification records, data flow diagrams showing how AI inputs flow to decisions.
MP-3: Benefits and Risk Assessment
Deliverable: A formal assessment of each high-risk system's intended benefits versus identified risks. Document: quantified benefits (efficiency gains, accuracy improvements), identified risks (bias potential, false positive/negative rates, transparency limitations), and the tradeoffs between benefits and risks that justify continued deployment.
Evidence artifacts: Benefit-risk analysis documents, quantitative metrics where available, decision records showing consideration of whether to deploy, modify, or retire each system.
MP-4: Mapping to SB 24-205
Deliverable: An explicit mapping showing how your Map function outputs satisfy SB 24-205 § 6-1-1703 impact assessment requirements. Create a crosswalk table linking each NIST subcategory to the corresponding statutory provision.
Evidence artifacts: NIST-to-SB-24-205 crosswalk document, gap analysis showing any areas where the statute requires documentation beyond what NIST prescribes.
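As a starting point, a few crosswalk entries might look like the sketch below. It uses only the statutory citations referenced elsewhere in this guide; the pairings are illustrative and should be validated and extended with counsel before you rely on them.

```python
# Hypothetical crosswalk entries: (guide subcategory, NIST function,
# SB 24-205 provision, primary evidence artifact). Validate with counsel.
CROSSWALK = [
    ("GV-1", "GOVERN",  "§ 6-1-1702 (risk management policy)", "AI risk management policy"),
    ("MP-2", "MAP",     "§ 6-1-1703 (impact assessments)",     "Context analysis documents"),
    ("ME-3", "MEASURE", "§ 6-1-1704 (consumer appeal rights)", "Appeal process records"),
    ("MG-1", "MANAGE",  "§ 6-1-1705(3) (AG notification)",     "Incident response playbook"),
]

for subcat, function, provision, evidence in CROSSWALK:
    print(f"{subcat} ({function}) -> {provision}: {evidence}")
```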
Function 3: MEASURE — Quantifying and Monitoring AI Risk (Days 40–75)
The Measure function transforms risk identification into quantification. This is where abstract risks become specific metrics, thresholds, and monitoring dashboards — and where most implementations fail. Measuring bias isn't optional under SB 24-205; it's the core of your defense against algorithmic discrimination claims.
ME-1: Bias Metrics and Testing
Deliverable: For each high-risk AI system, a documented bias testing program specifying: which protected classes are tested (race, gender, age, disability, national origin at minimum), which statistical tests are applied, what thresholds constitute acceptable performance, and how often testing occurs.
Recommended statistical tests (the first two are sketched in code after this list):
- Disparate Impact Ratio (DIR) — The EEOC's four-fifths rule: a selection rate for any protected group less than 80% of the group with the highest rate indicates adverse impact. Use for binary outcomes (approved/denied, hired/rejected).
- Equalized Odds — True positive rates and false positive rates should be equal across protected classes. Use for classification systems.
- Demographic Parity — Overall positive outcome rates should be similar across groups. Use as a high-level screening metric.
- Calibration — Predicted probabilities should mean the same thing across groups. A "70% approval likelihood" should translate to the same actual approval rate for all demographics.
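Here is a minimal Python sketch of the first two tests, assuming binary outcomes and group labels as numpy arrays. The toy data, thresholds, and group labels are illustrative; your actual group definitions and acceptance thresholds must come from your testing methodology document.

```python
import numpy as np


def disparate_impact_ratio(selected: np.ndarray, group: np.ndarray) -> dict:
    """Selection rate of each group relative to the highest-rate group.
    Under the four-fifths rule, a ratio below 0.80 flags adverse impact."""
    rates = {g: selected[group == g].mean() for g in np.unique(group)}
    best = max(rates.values())
    return {g: rate / best for g, rate in rates.items()}


def equalized_odds_gaps(y_true: np.ndarray, y_pred: np.ndarray,
                        group: np.ndarray) -> tuple[float, float]:
    """Largest across-group gaps in true-positive and false-positive rates.
    Assumes every group has both positive and negative ground-truth labels."""
    tprs, fprs = [], []
    for g in np.unique(group):
        m = group == g
        tprs.append(y_pred[m][y_true[m] == 1].mean())   # true positive rate
        fprs.append(y_pred[m][y_true[m] == 0].mean())   # false positive rate
    return max(tprs) - min(tprs), max(fprs) - min(fprs)


# Toy example: group B is selected at 0.40 vs. group A at 0.60.
group = np.array(["A"] * 100 + ["B"] * 100)
selected = np.array([1] * 60 + [0] * 40 + [1] * 40 + [0] * 60)
print(disparate_impact_ratio(selected, group))  # {'A': 1.0, 'B': 0.67} -> below 0.80
```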
Evidence artifacts: Bias testing methodology document, test results disaggregated by protected class, threshold justification records, remediation records for adverse findings.
ME-2: Performance Monitoring
Deliverable: Ongoing monitoring dashboards tracking model performance, drift detection, and fairness metrics over time. Point-in-time audits are insufficient; continuous monitoring demonstrates sustained compliance.
Evidence artifacts: Dashboard screenshots (time-stamped), drift detection alerts and response records, quarterly performance reports.
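Drift detection can take many forms; one widely used statistic is the Population Stability Index (PSI), sketched below as an illustration rather than a depiction of any particular platform's implementation. The bin count and the thresholds in the comments are conventional rules of thumb, not regulatory requirements.

```python
import numpy as np


def population_stability_index(baseline: np.ndarray, current: np.ndarray,
                               bins: int = 10) -> float:
    """PSI between a baseline score distribution and the current one.
    Common rule of thumb: < 0.10 stable, 0.10-0.25 worth investigating,
    > 0.25 likely drift. Assumes continuous scores."""
    edges = np.quantile(baseline, np.linspace(0, 1, bins + 1))
    edges[0], edges[-1] = -np.inf, np.inf              # catch out-of-range scores
    b = np.histogram(baseline, edges)[0] / len(baseline)
    c = np.histogram(current, edges)[0] / len(current)
    b = np.clip(b, 1e-6, None)                         # avoid log(0)
    c = np.clip(c, 1e-6, None)
    return float(np.sum((c - b) * np.log(c / b)))


# Synthetic example: the score distribution has shifted since deployment.
rng = np.random.default_rng(0)
baseline = rng.normal(0.0, 1.0, 10_000)               # scores at deployment
current = rng.normal(0.3, 1.0, 10_000)                # scores this quarter
print(population_stability_index(baseline, current))  # ~0.09: borderline, watch it
```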
ME-3: Feedback Mechanisms
Deliverable: Processes for collecting and incorporating feedback from affected consumers, operators, and other stakeholders. Under SB 24-205 § 6-1-1704, consumers must be able to appeal AI-influenced decisions — those appeals are a feedback mechanism.
Evidence artifacts: Consumer appeal process documentation, feedback collection records, evidence that feedback was analyzed and acted upon.
Function 4: MANAGE — Response, Remediation, and Continuous Improvement (Days 60–90)
The Manage function closes the loop: responding to identified risks, remediating issues, and continuously improving your AI risk management program. This is where compliance becomes operational.
MG-1: Risk Response
Deliverable: Documented response procedures for every category of identified risk. For algorithmic discrimination specifically: detection triggers, investigation process, remediation options (model retraining, feature removal, threshold adjustment, system retirement), and the 90-day AG notification procedure under § 6-1-1705(3).
Evidence artifacts: Incident response playbooks, response timeline commitments, AG notification templates and procedures.
MG-2: Remediation Tracking
Deliverable: A system for tracking identified issues from detection through remediation. Each issue should have: a unique identifier, severity classification, assigned owner, target remediation date, actual resolution date, and verification of effectiveness.
Evidence artifacts: Issue tracking records (CO-AIMS generates these automatically), remediation completion evidence, before/after metrics showing improvement.
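For illustration, a tracked issue could be modeled as a simple record like the sketch below. The field names and severity labels are assumptions for the example, not a prescribed schema.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class RemediationIssue:
    """One tracked issue, from detection through verified remediation."""
    issue_id: str                          # unique identifier, e.g. "BIAS-2025-014"
    severity: str                          # e.g. "critical" / "high" / "medium" / "low"
    description: str
    owner: str                             # assigned individual
    detected_on: date
    target_remediation_date: date
    resolved_on: Optional[date] = None     # set when remediation is complete
    effectiveness_verified: bool = False   # before/after metrics confirmed the fix

    def is_overdue(self, today: date) -> bool:
        """Open past its target date: a candidate for escalation."""
        return self.resolved_on is None and today > self.target_remediation_date
```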
MG-3: Continuous Improvement
Deliverable: Annual review process for the entire AI risk management program. Assess: whether the governance structure is effective, whether risk identification was comprehensive, whether measurement approaches detected actual issues, and whether response mechanisms resolved them effectively. Feed lessons learned back into the Govern function.
Evidence artifacts: Annual program review reports, lessons-learned documentation, updated policies incorporating improvements.
MG-4: Record Retention Architecture
Deliverable: A systematic approach to maintaining all evidence artifacts for the three-year retention period required by SB 24-205. Implement version control, immutable audit logs, and organized evidence bundles that can be produced in response to a Civil Investigative Demand.
Evidence artifacts: Record retention policy, storage architecture documentation, sample evidence bundle demonstrating completeness.
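One common way to make an audit log tamper-evident is hash chaining, where each entry commits to the hash of the previous one, so any after-the-fact edit breaks verification. The sketch below illustrates the idea only; it is not a description of how any specific platform stores evidence.

```python
import hashlib
import json
from datetime import datetime, timezone


def append_entry(log: list, event: dict) -> dict:
    """Append a tamper-evident entry. Each record embeds the hash of the
    previous record, so altering any past entry breaks the chain.
    The event payload must be JSON-serializable."""
    prev_hash = log[-1]["entry_hash"] if log else "0" * 64
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "prev_hash": prev_hash,
    }
    record["entry_hash"] = hashlib.sha256(
        json.dumps(record, sort_keys=True).encode()
    ).hexdigest()
    log.append(record)
    return record


def verify_chain(log: list) -> bool:
    """Recompute every hash; returns False if any entry was altered."""
    prev = "0" * 64
    for rec in log:
        body = {k: rec[k] for k in ("timestamp", "event", "prev_hash")}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev_hash"] != prev or rec["entry_hash"] != digest:
            return False
        prev = rec["entry_hash"]
    return True


# Hypothetical usage
audit_log: list = []
append_entry(audit_log, {"action": "bias_audit_completed", "system": "ResumeRanker"})
append_entry(audit_log, {"action": "issue_opened", "issue_id": "BIAS-2025-014"})
print(verify_chain(audit_log))  # True until any record is edited after the fact
```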
CO-AIMS automates the evidence generation, storage, and retrieval for all four NIST functions. Every action in the platform — from system registration to bias audit to incident response — generates time-stamped, immutable evidence that maps to specific NIST subcategories and SB 24-205 provisions. Start your free trial and have your first evidence bundle generated within 48 hours.
Frequently Asked Questions
What are the 4 functions of NIST AI RMF?
The four core functions are Govern (organizational policies, accountability, and culture), Map (AI system inventory, context, and risk identification), Measure (quantitative bias testing, performance monitoring, and feedback mechanisms), and Manage (risk response, remediation tracking, and continuous improvement). Each function contains categories and subcategories that require specific documented evidence.
How do you implement NIST AI RMF?
Implementation requires translating each function into specific deliverables with evidence artifacts. Start with Govern (policies and accountability in days 1–30), then Map (inventory and risk identification in days 15–50), then Measure (bias testing and monitoring in days 40–75), and finally Manage (response and remediation in days 60–90). The key is producing documented evidence for each subcategory, not just reading the framework.
Does NIST AI RMF satisfy Colorado AI Act?
SB 24-205 § 6-1-1706 explicitly creates a rebuttable presumption of compliance for organizations following NIST AI RMF. However, the presumption requires substantive implementation with documented evidence — not just awareness. Your NIST implementation must be comprehensive enough to survive scrutiny if the AG challenges the presumption, meaning specific evidence for each function, category, and subcategory.
What is the difference between NIST AI RMF and ISO 42001?
NIST AI RMF is a risk management framework (voluntary, US-focused, function-based structure) while ISO/IEC 42001:2023 is a management system standard (certifiable, international, clause-based structure). Both are named in SB 24-205 as frameworks that trigger the rebuttable presumption. NIST AI RMF provides more granular implementation guidance; ISO 42001 provides certifiable conformity. Many organizations implement NIST AI RMF and pursue ISO 42001 certification to maximize their defensive posture.
How long does NIST AI RMF implementation take?
A focused implementation for a mid-market organization (5–25 AI systems) takes approximately 90 days using a structured approach. Days 1–30 focus on governance structures and policies, days 15–50 on system inventory and risk mapping, days 40–75 on bias testing and monitoring, and days 60–90 on response procedures and evidence architecture. CO-AIMS accelerates this timeline by auto-generating evidence artifacts for each NIST subcategory.
Automate Your Colorado AI Compliance
CO-AIMS handles bias audits, impact assessments, consumer disclosures, and evidence bundles — so you can focus on your business.
AI Solutionist and founder of CO-AIMS. Building compliance infrastructure for Colorado's AI Act. Helping law firms, healthcare providers, and enterprises navigate SB 24-205 with automated governance.