If you work in AI and haven't encountered NIST AI RMF yet, you will soon. Published in 2023 by the US National Institute of Standards and Technology, the AI Risk Management Framework has quietly become the closest thing the industry has to a universal standard for responsible AI. It's referenced by the EU AI Act, adopted by the US federal government, and increasingly demanded by enterprise procurement teams as a condition of doing business.

This article explains what the framework actually requires, and how teams deploying AI agents can use it as a practical operating guide rather than a compliance checkbox.

What the NIST AI RMF actually is

The framework is not a regulation. It carries no legal penalties on its own. It is a voluntary framework that describes what trustworthy AI looks like and how organisations can systematically manage AI risk. Think of it the way you think of ISO 27001 — not a law, but a standard that signals to customers, partners, and regulators that you take risk management seriously.

What makes it valuable is that it's structured around four core functions. These aren't abstract principles — they're operational activities that map directly to decisions you make every day when you deploy AI.

Function 1
GOVERN
Establish the culture, policies, and accountability structures that make AI risk management possible across the organisation.
TrustLoop: policy engine, audit trail, role-based oversight
Function 2
MAP
Identify and categorise the AI risks that are relevant to your specific context, use cases, and stakeholders.
TrustLoop: agent tagging, tool-level risk categorisation
Function 3
MEASURE
Quantify and track AI risks using consistent metrics so you can detect changes over time and demonstrate control effectiveness.
TrustLoop: stats, blocked call counts, approval rates
Function 4
MANAGE
Respond to identified risks through controls, treatments, and human oversight mechanisms — before, during, and after deployment.
TrustLoop: kill-switch, approval workflows, PII masking

GOVERN: building accountability into your AI stack

GOVERN is the foundation. It asks: do you have policies for AI? Do people know who is responsible for AI decisions? Is there a process for reviewing and updating those policies as the technology evolves?

For teams deploying AI agents, this means having documented answers to: which agents are authorised to take which actions? Who approves changes to agent permissions? What happens when an agent does something unexpected?

In practice, GOVERN requires two things most teams don't have: a clear policy layer (rules that define what agents can and cannot do) and a clear accountability layer (records of who set those rules and when). Building these into your infrastructure from the start — rather than relying on informal agreements — is what separates teams that can demonstrate governance from teams that can only claim it.

MAP: knowing what your agents actually do

MAP is the risk identification function. Before you can manage AI risk, you need to understand what risks exist. For agents, this means cataloguing every tool each agent has access to, understanding what data it can read or write, and identifying which downstream systems it can affect.

This sounds straightforward, but in practice most organisations have poor visibility into what their agents are actually doing. Tools get added during development, permissions accumulate, and by the time an agent reaches production nobody has a clear picture of its full capability surface.

The MAP function requires that you log every tool call — not just the ones that go wrong — so you can build an accurate, evidence-based picture of what each agent does in the real world. This is distinct from reading the code: agents' actual behaviour in production often diverges significantly from what they were designed to do.

MEASURE: quantifying risk over time

MEASURE turns qualitative risk awareness into quantitative tracking. How many tool calls did your agents make last month? How many were blocked by policy? How many required human approval? What was the approval rate? How has that changed quarter-on-quarter?

These metrics serve two purposes. First, they let you detect meaningful changes in agent behaviour — a sudden spike in blocked calls often signals a prompt injection attempt or an agent operating outside its intended scope. Second, they give you the evidence base you need to demonstrate to auditors, customers, and regulators that your controls are working.

You cannot demonstrate effective AI risk management without metrics. "We have a process" is not evidence. "Our agents made 847,000 tool calls last quarter, of which 0.3% were blocked by policy and 0.1% escalated to human review" is evidence.

MANAGE: controls that actually prevent harm

MANAGE is where governance becomes operational. It encompasses all the active controls you apply to reduce AI risk — and critically, it includes both pre-action controls (things that prevent harm before it happens) and post-action controls (things that detect and respond to harm after it occurs).

For AI agents, the highest-value pre-action controls are:

Post-action controls — anomaly detection, incident response processes, regular audit log review — complement these but cannot replace them. The sequence matters: pre-action controls prevent; post-action controls detect.

How the four functions map to TrustLoop

NIST Function Requirement TrustLoop capability
GOVERN Documented AI policies with clear ownership Plain-English rule engine, policy audit trail
MAP Complete visibility into agent actions Per-call logging with agent, tool, arguments, outcome
MEASURE Quantitative risk metrics over time Dashboard stats: calls, blocks, approvals, agents
MANAGE Pre-action controls and human oversight Kill-switch, approval workflows, PII masking

Where to start

The NIST AI RMF can feel overwhelming because it touches every layer of how you build and deploy AI. The practical starting point for most teams is MEASURE — because you can't govern what you can't see.

Start by instrumenting your agent calls with complete logging. Once you have visibility into what your agents are actually doing, the MAP, GOVERN, and MANAGE functions become much more tractable. You'll have the data to identify high-risk tool combinations, the evidence to write meaningful policies, and the baseline metrics to demonstrate that your controls are effective.

The teams that will be ahead of the curve on AI governance in 2027 are the ones building that foundation now.

NIST AI RMF-aligned governance in minutes.

TrustLoop covers all four functions — audit trail, policy engine, risk metrics, and human oversight controls — with a single integration.

Start free — no credit card