NIST AI RMF for QA practitioners

10 min read · Reviewed May 2026

NIST AI RMF is voluntary in the US — and in May 2026, it is the closest thing the country has to a stable AI governance reference. Biden's Executive Order 14110 was rescinded on 23 January 2025 by Trump's EO 14179 ("Removing Barriers to American Leadership in Artificial Intelligence"). State AI laws are being repealed and replaced. Federal preemption is being actively asserted. Against that backdrop, the RMF persists because it is a framework, not a law. For QA practitioners, that distinction is the whole point: build to the RMF and your work survives the next regulatory cycle.

Difficulty: intermediate

You'll learn: what NIST AI RMF actually asks of testing teams, why it matters even though it's voluntary, and how it stays useful while the regulatory floor moves underneath it.

The four functions

GOVERN, MAP, MEASURE, and MANAGE — what they cover and how they connect to QA practice.

The NIST AI RMF 1.0 (published January 2023; stable since) organises AI risk management into four functions that apply across an AI system's lifecycle. They are not sequential phases — they operate concurrently, with each function informing the others. GOVERN sets the policies and tolerances. MAP identifies the specific risks to address. MEASURE tests and evaluates those risks. MANAGE decides what to do about the results.

For QA teams, the framework is most useful as a vocabulary shared with product, legal, and executive stakeholders. GOVERN defines what failure modes are unacceptable — that is the boundary QA must test within. MAP identifies the risks QA must cover. MEASURE is the testing function itself. MANAGE is the prioritisation logic that decides which defects are release-blockers and which are accepted risk.

[Figure: architecture diagram of the four NIST AI RMF functions (GOVERN, MAP, MEASURE, MANAGE) and their QA touchpoints]
NIST AI RMF four functions feeding QA practice

What each function means for testing

Translating GOVERN, MAP, MEASURE, and MANAGE into the decisions QA practitioners actually make.

GOVERN sets organisational policies, risk tolerance, and accountability structures for AI. The QA touchpoint: test plans must align to GOVERN-defined risk tolerances. "What failure modes are unacceptable" is a GOVERN output, not something QA invents independently. If your GOVERN function has not defined this, your test scope is working from an undefined requirement — which is a governance gap, not a QA gap.

MAP contextualises each AI system — its purpose, intended users, potential harms, and success criteria. For testing, MAP is the requirements-traceability stage: identifying which risks need test coverage and capturing them in a way that can be traced back to the GOVERN policy. MAP is also where the register of foreseeable harms is built, which becomes the direct input to test planning. Cross-reference with your traceability artefacts at this stage.

MEASURE is quantitative and qualitative evaluation of the identified risks. This is the testing function QA practitioners own most directly: evaluations, red-teaming, fairness metrics, robustness checks, and benchmark runs. The NIST Generative AI Profile (NIST AI 600-1, published July 2024) extends MEASURE with a 12-category risk taxonomy specifically for generative systems.

MANAGE is the prioritisation and response layer: given MEASURE outputs, decide which risks to treat, which to accept, and how to allocate remediation resources. For QA, MANAGE appears in bug triage — specifically in the severity and priority assignments that determine what is fixed before release. Severity is not purely an engineering judgement; it is a MANAGE output bounded by risk tolerance set in GOVERN.

The Generative AI Profile

NIST AI 600-1 extends the core RMF with 12 risk categories specific to generative systems.

The NIST Generative AI Profile (NIST AI 600-1, published July 2024) is the companion document that addresses generative AI risks not fully covered by the base RMF. It adds 12 risk categories: CBRN information or capabilities, confabulation, dangerous or violent recommendations, data privacy, environmental impacts, harmful bias and homogenisation, human-AI configuration, information integrity, information security, intellectual property, obscene or degrading content, and value chain and component integration risks.

Even if you are testing a discriminative model rather than a generative one, the NIST AI 600-1 risk taxonomy is useful as a test-planning checklist. The categories cover failure modes that are systematically underrepresented in standard QA practice — confabulation and information integrity in particular surface issues that exact-match assertions cannot detect.

NIST AI 600-1 is cross-referenced from the core RMF 1.0. If a procurement requirement cites "NIST AI RMF alignment", it implicitly includes the Generative AI Profile for any product using generative AI. Ensure your MEASURE-function test plan covers the relevant subcategories, not just the four top-level RMF functions.
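The function-by-function mapping above (GOVERN tolerance, MAP risk register, MEASURE eval results, MANAGE triage) and the use of the NIST AI 600-1 taxonomy as a coverage checklist can both be expressed as one small traceability register. The following is an added example, not code from NIST or from this article; the record types, the tolerance values, and the sample risks and eval results are all constructed for illustration, and a real programme would load these from its own test-management artefacts.

```python
"""Traceability register linking NIST AI RMF functions to QA artefacts.

Added example (not NIST's or the article's code). All field names,
tolerance values, risks and eval results below are constructed.
"""
from dataclasses import dataclass

# The 12 NIST AI 600-1 risk categories, used here as a MAP/MEASURE coverage checklist.
GENAI_RISK_CATEGORIES = (
    "CBRN information or capabilities",
    "Confabulation",
    "Dangerous or violent recommendations",
    "Data privacy",
    "Environmental impacts",
    "Harmful bias and homogenisation",
    "Human-AI configuration",
    "Information integrity",
    "Information security",
    "Intellectual property",
    "Obscene or degrading content",
    "Value chain and component integration",
)


@dataclass(frozen=True)
class Risk:
    """MAP output: one foreseeable harm, tagged with its NIST AI 600-1 category."""
    risk_id: str
    category: str
    description: str


@dataclass(frozen=True)
class EvalResult:
    """MEASURE output: one eval run against one mapped risk."""
    test_id: str
    risk_id: str
    failure_rate: float  # fraction of eval cases that failed, 0.0 to 1.0


# GOVERN output (constructed): maximum acceptable failure rate per category.
# A category with no entry here is a governance gap, not a QA gap.
TOLERANCES = {
    "Confabulation": 0.05,
    "Information integrity": 0.02,
    "Data privacy": 0.0,
}

# MAP register (constructed sample).
RISKS = [
    Risk("R-01", "Confabulation", "Assistant cites regulations that do not exist"),
    Risk("R-02", "Information integrity", "Assistant misstates the effective date of a rule"),
    Risk("R-03", "Data privacy", "Assistant echoes customer PII from context into output"),
    Risk("R-04", "Intellectual property", "Assistant reproduces licensed text verbatim"),
]

# MEASURE results (constructed sample). R-04 has no eval run at all.
RESULTS = [
    EvalResult("T-101", "R-01", 0.08),
    EvalResult("T-102", "R-01", 0.03),
    EvalResult("T-201", "R-02", 0.01),
    EvalResult("T-301", "R-03", 0.0),
]


def coverage_gaps(risks, categories=GENAI_RISK_CATEGORIES):
    """Taxonomy categories with no MAP entry, i.e. no test coverage is even planned."""
    mapped = {r.category for r in risks}
    return [c for c in categories if c not in mapped]


def triage(tolerances, risks, results):
    """MANAGE: disposition per mapped risk, bounded by the GOVERN tolerance.

    The worst observed failure rate across all evals for a risk is compared
    against the tolerance for its category. Severity is therefore a MANAGE
    output derived from GOVERN, not a free-standing engineering judgement.
    """
    worst = {}
    for res in results:
        worst[res.risk_id] = max(worst.get(res.risk_id, 0.0), res.failure_rate)

    dispositions = {}
    for r in risks:
        if r.category not in tolerances:
            dispositions[r.risk_id] = "governance gap: no tolerance defined"
        elif r.risk_id not in worst:
            dispositions[r.risk_id] = "untested"
        elif worst[r.risk_id] > tolerances[r.category]:
            dispositions[r.risk_id] = "release-blocker"
        else:
            dispositions[r.risk_id] = "accepted risk"
    return dispositions


def release_blockers(dispositions):
    """Risk IDs that must be fixed before release."""
    return sorted(rid for rid, d in dispositions.items() if d == "release-blocker")


if __name__ == "__main__":
    print("Unmapped NIST AI 600-1 categories:", coverage_gaps(RISKS))
    disp = triage(TOLERANCES, RISKS, RESULTS)
    for rid, d in disp.items():
        print(f"{rid}: {d}")
    print("Release blockers:", release_blockers(disp))
```

Run as a script, the register reports eight unmapped taxonomy categories (a MAP gap to raise with product, not something QA fills silently), flags R-01 as a release-blocker because its worst eval run (8%) exceeds the 5% tolerance, accepts R-02 and R-03, and reports R-04 as a governance gap rather than an engineering call. Each line of that output is traceable to a named artefact, which is the form a procurement reviewer asking "which RMF function does your testing address" will want.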

Why voluntary still matters

Voluntary in name — increasingly mandatory in federal and regulated-industry procurement.

The voluntary label on NIST AI RMF is accurate in a narrow sense: no US federal law mandates its adoption. In practice, the framework has become a de facto requirement in significant procurement contexts. US DoD contracts, GSA procurement vehicles, and state government contracts increasingly require RMF alignment documentation. Healthcare, finance, and defence prime contractors have adopted RMF alignment as a baseline supplier requirement.

The practical implication for QA: if you sell AI features to any regulated industry or government market, expect to be asked which RMF function your testing programme addresses. The answer needs to be traceable to artefacts — test plans, eval results, audit logs — not a narrative assertion.

// NOTE

RMF is voluntary in name, increasingly mandatory in procurement. If you sell AI to the US government, a state, or a regulated industry (healthcare, finance, defence), expect to be asked which RMF function your testing addresses. The voluntary framing has shifted in practice across 2024–2026.

What stays stable, what moves

The RMF has been stable since January 2023. The laws around it have not.

NIST AI RMF 1.0 has been stable since January 2023. The Generative AI Profile companion (NIST AI 600-1) landed July 2024 and remains stable. ISO/IEC 42001:2023 (AI management system standard, Edition 1) is similarly stable. These are the frameworks worth building against.

In contrast: Biden's EO 14110 was rescinded January 2025. Trump's EO 14179 established a deregulatory federal posture; a December 2025 EO asserted federal preemption on state AI laws. Colorado's AI Act (SB205) had its effective date delayed repeatedly through 2025–2026 and in May 2026 the Colorado Legislature passed a bill to repeal and replace it entirely. The UK government has taken a sandbox-pilot approach rather than comprehensive legislation, with no AI Bill introduced to Parliament as of April 2026.

Building your QA governance practice to the RMF insulates the work from this churn. When the next law changes — and the pattern across the past 18 months strongly suggests it will — the RMF mapping stays valid.

Build to the framework, not to the law. The framework is what stays standing when the legal floor moves.