
Editorial · CASRAI

NIST AI Risk Management Framework for Research Offices

How research offices apply the NIST AI RMF’s four functions and AI 600-1’s GenAI profile to grant compliance.

By MCP Service
Published 3 Jul 2026 · 7 minute read

The NIST AI Risk Management Framework (AI RMF) is a voluntary, four-function framework — Govern, Map, Measure, Manage — published by NIST in January 2023 to structure AI risk identification and mitigation across the system lifecycle, and it is increasingly the reference model research offices use to build AI-use policies for grant compliance and research computing.

In one sentence: the NIST AI RMF is a voluntary, technology-neutral process framework — not a certification standard — that organises AI risk management into four continuous functions applied across governance, context-mapping, measurement and mitigation.

What is the NIST AI Risk Management Framework?

The NIST AI RMF (designated NIST AI 100-1) was directed by Congress under the National Artificial Intelligence Initiative Act of 2020 (enacted as part of P.L. 116-283) and published by the National Institute of Standards and Technology on 26 January 2023. It gives organisations a structured, repeatable way to identify, assess and manage AI-related risk without prescribing specific tools or vendors.

Unlike a certification scheme, the AI RMF is deliberately flexible. Organisations apply it through “profiles” — documented mappings of the Core functions to a specific system, unit or risk context — supported by companion NIST materials including the AI RMF Playbook, Roadmap and sector Crosswalks. For a university research office, that flexibility matters: the same four functions can govern an AI-assisted grant-writing tool, a research-computing cluster running a locally hosted model, and a vendor’s generative-AI research assistant, each with a different risk profile.

What are the four core functions — Govern, Map, Measure, Manage?

The AI RMF Core is organised into four functions that operate continuously rather than sequentially: Govern establishes accountability and policy; Map identifies context and potential harms; Measure tests and monitors systems against trustworthy-AI characteristics; and Manage prioritises and resources mitigation. Each function contains categories and subcategories that a research office adapts rather than adopts wholesale.

The four functions, the purpose of each, and a typical research-office artefact:
  • Govern: sets accountability, policy and approval authority for AI use. Artefact: institutional AI-use policy; PI attestation clause in proposal sign-off.
  • Map: documents context, stakeholders and where AI touches sponsored work. Artefact: inventory of AI tools used in grant writing, review and data analysis.
  • Measure: tests systems for validity, bias, security and privacy. Artefact: vendor security questionnaire; bias check on AI-assisted scoring tools.
  • Manage: prioritises, mitigates and documents residual risk. Artefact: incident log for AI-related data exposure; annual policy review.

The Core does not mandate a fixed maturity level. Organisations document which subcategories they have deferred, and why, alongside compensating controls — a discipline that maps onto existing research-compliance practices such as data management plans.

What does NIST AI 600-1 add for generative AI?

NIST AI 600-1, the Generative Artificial Intelligence Profile, was published in July 2024 as a companion to the AI RMF specifically for generative and foundation models. It does not replace the four-function Core; it applies Govern, Map, Measure and Manage to risks that are distinctive to generative systems.

The profile documents risk across twelve categories, including confabulation (hallucinated outputs presented as fact), data privacy, harmful bias and homogenisation, information integrity, information security, intellectual property, and value-chain and component integration risk from third-party foundation models. For a research office, several of these map directly onto everyday research-computing and grant-compliance exposure:

  • Confabulation in AI-assisted literature review or preliminary-data summaries submitted in a proposal narrative
  • Data privacy exposure when researchers paste sponsor-restricted or human-subjects data into a public generative-AI tool
  • Intellectual property risk when proprietary or pre-publication research content is used as a prompt input to a third-party model that retains data for training
  • Information security gaps in export-controlled or ITAR-restricted research computing environments running locally hosted generative models

How should research offices map RMF functions to grant compliance and research computing?

Applying the AI RMF in a research office starts with an honest inventory, not a policy document. Most institutions already run parallel compliance regimes — IRB, export control, data use agreements, conflict of interest — and the AI RMF’s four functions slot into that existing governance architecture rather than requiring a new one.

RMF function, research-office action, and compliance touchpoint:
  • Govern: define who approves AI use in proposal preparation, peer review and award administration. Touchpoint: grant-compliance office; research integrity policy.
  • Map: inventory AI tools touching sponsor data, human-subjects data or export-controlled research. Touchpoint: IRB, data use agreements, export-control review.
  • Measure: evaluate vendor AI tools for data retention, training-data use and bias before procurement. Touchpoint: procurement security review; research-computing vendor assessment.
  • Manage: maintain an incident-response path for AI-related data exposure or integrity failures. Touchpoint: research integrity office; sponsor notification obligations.

Funders are beginning to require disclosure of AI use in proposal preparation and review; UKRI and the US National Institutes of Health have each issued guidance addressing generative-AI use in grant applications and peer review. A documented AI RMF-aligned policy gives a research office a defensible, auditable answer when a sponsor, an IRB, or an internal audit asks how AI risk is managed.

How does the NIST AI RMF compare to ISO 42001 and the EU AI Act?

The NIST AI RMF, ISO/IEC 42001, and the EU AI Act address the same problem — AI risk — through three different mechanisms, and international research offices often need to satisfy more than one at once.

  • NIST AI RMF: voluntary US guidance, published January 2023, no certification mechanism, technology-neutral
  • ISO/IEC 42001:2023: an internationally certifiable AI management system standard, published December 2023, auditable by an accredited body
  • EU AI Act (Regulation (EU) 2024/1689): binding law, entered into force August 2024, with risk-tiered obligations phasing in by date: prohibited practices from February 2025, general-purpose AI model obligations from August 2025, most high-risk obligations from August 2026, and high-risk systems embedded in Annex I regulated products from August 2027

Institutions with Horizon Europe funding, EU partners, or EU-based subsidiaries generally need to track the EU AI Act’s binding obligations separately from a voluntary AI RMF programme; the AI RMF’s four functions nonetheless provide a practical operational baseline that can be extended toward either ISO 42001 certification or EU AI Act compliance evidence without rebuilding the governance structure from scratch.

Answer-first questions on the NIST AI RMF

What are the seven steps of the NIST Risk Management Framework?

The seven steps (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) belong to NIST Special Publication 800-37 Revision 2, the general-purpose cybersecurity Risk Management Framework used for federal information systems, not to the AI RMF. The NIST AI Risk Management Framework uses a separate four-function structure (Govern, Map, Measure, Manage) with no authorisation-cycle requirement. Research offices should not conflate the two documents, even though a research-computing environment holding federal data may be subject to both.

What is the difference between ISO 42001 and the NIST AI RMF?

ISO/IEC 42001:2023 is a certifiable AI management system standard that an accredited body can audit, published December 2023. The NIST AI RMF is voluntary US guidance with no certification mechanism. Many research offices use the AI RMF’s four functions to build the internal controls that ISO 42001 certification later formalises against an external auditor.

What are the four types of AI risk?

The AI RMF does not define a canonical four-way taxonomy of AI risk. It frames risk through seven characteristics of trustworthy AI (valid and reliable; safe; secure and resilient; accountable and transparent; explainable and interpretable; privacy-enhanced; and fair with harmful bias managed), and the Generative AI Profile adds its twelve generative-specific risk categories. In practice, research offices find it useful to collapse these into four working groups: performance risk (validity, reliability), societal risk (harmful bias, fairness), security risk (adversarial manipulation, data leakage), and third-party or value-chain risk from vendor models and training data. Research offices typically encounter all four simultaneously when adopting AI-assisted research tools.

What are 5 risks of AI?

For research administration specifically, the highest-priority risks are data privacy breaches in sponsor-data pipelines, confabulation in AI-assisted literature synthesis, intellectual property exposure through third-party model training on prompts, harmful bias in automated review or scoring tools, and information security gaps in procured generative-AI platforms.

Implications for research administration

The AI RMF’s voluntary status is not a reason to defer adoption. Grant-making agencies and international funders are moving toward AI-use disclosure requirements in proposal and reporting workflows, and institutions without a documented, RMF-aligned policy will increasingly be answering those questions ad hoc rather than from a defensible framework.

Research offices already manage layered compliance regimes across research administration functions — export control, human-subjects protection, conflict of interest — and the AI RMF’s four functions sit inside that structure rather than replacing it. Starting with Govern (assign accountability) and Map (inventory AI touchpoints in sponsored work) gives most offices a defensible position within one administrative cycle, ahead of any future mandatory requirement.
