Skip to main content

NIST AI Risk Management Framework: Implementation with Keeptrusts

The NIST AI Risk Management Framework is powerful precisely because it is not a narrow checklist. It asks organizations to govern, map, measure, and manage AI risk across the full lifecycle. That flexibility is useful, but it also creates a common implementation failure. Teams build inventories, workshops, and policy decks, then discover that nothing in the live route actually proves their controls are active when a real prompt is sent.

Keeptrusts helps close that gap. It does not replace the framework, and it does not turn a voluntary model into a compliance certificate. What it does provide is a runtime control layer that maps well to the most operational parts of AI RMF. You can define routes, test them, restrict provider posture, stop risky outputs, inspect decision events, and export evidence for periodic review. That makes AI RMF a working operating model instead of a maturity presentation.

Use this page when

  • You are adopting NIST AI RMF as the baseline framework for enterprise AI governance.
  • You need to connect governance language to concrete runtime controls and review loops.
  • You want a practical implementation model that works for pilots, production systems, and agentic workflows.

Primary audience

  • Primary: governance leads, security architects, platform engineers
  • Secondary: internal audit, product owners, responsible-AI committees

The problem

AI RMF is often understood correctly but implemented weakly. The organization may have a risk taxonomy, a use-case review board, and an owner list, yet the live system still has no consistent way to answer basic questions. Which provider processed this request? Was the input screened for prompt injection? Was sensitive content redacted before the model call? Did the workflow escalate when it crossed a defined boundary? What evidence exists for the last quarter's review?

That gap usually appears because the framework spans several kinds of work. Govern requires ownership, policy, and accountability. Map requires understanding context, stakeholders, and use-case boundaries. Measure requires testing, observation, and performance or risk signals. Manage requires changing the system when risks move. Without a runtime layer, those functions remain partially disconnected. Governance knows what it wants, but the application path cannot show whether the control exists in practice.

The problem gets worse with agents and multi-provider architectures. A single workflow may call multiple models, use different tool surfaces, or shift from a low-risk support task into a higher-risk action path. AI RMF does not say you must solve that with any one product, but it does require that you understand and manage the risk. The fastest way to lose that discipline is to treat all requests as identical traffic.

The solution

Keeptrusts maps well to AI RMF when you treat the gateway as the runtime expression of governance decisions.

For Govern, define route owners, approved templates, and change controls around policy-config.yaml. For Map, classify workflows into lanes with different assumptions about data sensitivity, provider posture, user impact, and review requirements. For Measure, use kt policy test, live event review, and exportable evidence to see whether the route behaves the way your governance program expects. For Manage, adjust the chain when the evidence shows drift, new threat patterns, or changing provider constraints.

The individual controls matter because they correspond to different risk types. prompt-injection protects the request boundary. pii-detector and hipaa-phi-detector reduce sensitive text exposure where applicable. data-routing-policy converts provider governance into an enforceable route restriction. human-oversight gives you a clear stop condition for high-impact workflows. audit-logger marks decision paths so downstream event review and evidence export remain coherent. None of these controls is “the AI RMF.” Together they make the framework operational.

Implementation

Build AI RMF implementation around a recurring control loop rather than a one-time assessment.

kt policy lint --file policy-config.yaml
kt policy test --json
kt gateway run --listen 0.0.0.0:41002 --policy-config policy-config.yaml
kt events tail --since 24h --json
kt export-jobs create --since 30d --format json --wait

Use the same loop every time a route changes. Lint verifies structural validity. Policy tests check whether your intended controls fire on representative scenarios. Live event review confirms that governed traffic is actually using the route. Exports support monthly or quarterly review by governance, security, and audit stakeholders.

The most relevant supporting pages are Configuration-First Workflow, Policies Overview, kt policy test, kt events, and Pass Compliance Audits. Those pages give you the operational pieces needed to turn governance intentions into a repeatable review cadence.

Results and impact

Teams that implement AI RMF this way usually gain two things quickly. First, they reduce the distance between governance and engineering. The responsible-AI committee is no longer discussing an abstract use case while the platform team runs an unrelated route. Both groups are looking at the same tested configuration and the same evidence.

Second, they make risk review cheaper. Instead of re-litigating the whole application every quarter, reviewers can inspect route changes, event trends, escalation volume, and export packages. That moves the program from episodic governance to continuous governance.

The approach also scales better. A new use case can inherit the framework by starting from an approved route pattern, running the validation loop, and adding only the controls that fit its actual risk profile.

Key takeaways

  • NIST AI RMF becomes more useful when governance choices are expressed as route controls and review loops.
  • Govern, Map, Measure, and Manage each need runtime evidence, not just documentation.
  • Keeptrusts supports that evidence through configuration control, policy tests, decision events, and exports.
  • You do not need one giant AI policy for every system; you need well-classified lanes with inspectable controls.
  • Continuous review is usually more effective than infrequent framework scoring exercises.

Next steps