NIST AI RMF for Government: A Practical Implementation Checklist
The NIST AI Risk Management Framework (AI RMF 1.0) has quietly become the operational backbone of federal AI governance. OMB memoranda cite it, agency policies adopt it, and acquisition language increasingly requires vendors to align to it. But "align to the AI RMF" is a phrase that means very different things depending on who's saying it. This checklist breaks the framework into the four functions NIST defined — Govern, Map, Measure, Manage — and translates each into concrete actions for a federal agency deploying an AI system.
What the AI RMF actually is
The AI RMF is a voluntary framework published by NIST in January 2023 to help organizations identify, assess, and manage risks across the AI lifecycle. It is not a certification, not a checklist, and not a prescriptive standard. It's a structured way of thinking about AI risk, organized around four functions and a small number of categories and subcategories under each function.
Federal agencies treat the AI RMF as the lingua franca for AI risk management. When OMB M-25-21 references "minimum risk-management practices" for high-impact AI, the practices it has in mind are AI RMF practices. When agency acquisition language asks vendors to demonstrate AI governance maturity, AI RMF alignment is the most common evidence requested.
Function 1: Govern
The Govern function establishes the organizational structure and culture for managing AI risk. For a federal agency, this is the slowest function to mature and the most important to get right.
Checklist items:
- A documented AI governance policy approved at the appropriate level — typically CIO, CDO, or CAIO
- Defined roles and responsibilities for AI risk decisions, including a named Chief AI Officer or equivalent
- An AI use case inventory maintained on a recurring cadence
- A risk categorization scheme that distinguishes high-impact from lower-impact AI
- Procurement integration — AI vendor selection considers AI risk posture, not just price
- A mechanism for staff to escalate AI risk concerns
- Periodic review of AI governance effectiveness
Function 2: Map
The Map function is about understanding the context of each AI system: what it's for, what it interacts with, who it affects, and what assumptions are baked into it. Map is the function most often skipped, because it doesn't produce a dashboard or a metric — but it's the function most often cited in post-incident reviews.
Checklist items:
- A written purpose statement for the AI system, including its intended and unintended uses
- Identification of affected populations and groups, including disparate impact considerations
- A data inventory: sources, ownership, sensitivity, refresh cadence, retention policy
- Identification of model dependencies, including third-party APIs, foundation models, and embeddings
- Documentation of assumptions about the operating environment and the consequences if those assumptions break
- Identification of upstream and downstream systems that interact with the AI
- A list of stakeholders consulted during system design
Function 3: Measure
The Measure function produces the evidence needed to defend AI in production. It's the most technical function and the one where vendor capabilities vary the most.
Checklist items:
- Defined performance metrics tied to the system's stated purpose (not vendor-supplied generic metrics)
- Baseline measurements taken before production deployment
- Subgroup performance evaluation across demographics and use cases
- Adversarial robustness testing appropriate to the threat model
- Bias and fairness evaluation using documented methodology
- Explainability or interpretability evidence appropriate to the impact level
- Independent third-party evaluation for high-impact systems
- Continuous monitoring infrastructure that produces metrics in production, not just at acceptance testing
Function 4: Manage
The Manage function is what you do when something goes wrong — or when the world changes around your AI system. It's the function that turns governance theory into operational reality.
Checklist items:
- An incident response plan specifically for AI failures (distinct from generic IT incident response)
- Defined thresholds for human review, model rollback, or system shutdown
- A change management process for model updates and retraining
- A drift monitoring regime that detects when input distributions or output behavior change
- A post-deployment review cadence with documented findings and corrective actions
- A communication plan for affected users when AI behavior changes materially
- A retirement plan for when the AI system is no longer fit for purpose
Common gaps in federal AI RMF implementation
Across dozens of federal AI deployments, three gaps appear most often. The first is treating Govern as a one-time exercise — policies get written but not refreshed, roles get assigned but not resourced. The second is skipping Map for systems that "seem low risk" — and then discovering during an incident that the operating context had quietly shifted. The third is letting Measure stop at acceptance testing — production metrics aren't instrumented, drift isn't monitored, and the first sign of a problem is a stakeholder complaint.
How to document RMF alignment in proposals and contracts
For vendors responding to federal solicitations, the strongest RMF documentation answers four questions concretely. What evidence do you produce for the Map function on a typical engagement? What is your standard Measure regime, including subgroup analysis and drift monitoring? What is your Manage playbook when production AI behavior drifts? And how do you transfer Govern responsibility back to the agency at the end of the engagement?
Agencies evaluating vendor responses should treat vague "we follow the NIST AI RMF" claims with skepticism. A vendor who can produce sample Map documentation, sample Measure reports, and a written incident response runbook is operating in RMF reality. A vendor who can't is selling marketing copy.
The bottom line
The AI RMF is a thinking tool, not a compliance form. Agencies that operationalize the four functions — with named owners, real artifacts, and a recurring cadence — produce AI systems that perform safely in production and survive oversight scrutiny. Agencies that treat the framework as a checkbox exercise produce systems that look governed on paper and fail in practice.
Need help applying this in your agency?
Legion Implementation Group is a veteran-owned AI implementation partner for federal, state, and local agencies (SBA VetCert SDVOSB certification in progress). A 30-minute call is usually enough to know whether we can help.
Request a Capabilities Briefing →