
L2.5.2 — NIST AI RMF: Govern, Map, Measure, Manage

Type: Theory · Duration: ~5 min · Status: Mandatory · Module: Module 2 — AI Security Foundations · Framework tags: NIST AI RMF 1.0 (functions layer)

Learning objectives

  1. Recall the four NIST AI RMF functions and state the responsibility of each.
  2. Map an engineering activity to its RMF function (e.g., threat modeling → Map).

Core content

The four functions

                ┌──────────────┐
                │   GOVERN     │  ← cross-cutting; policy, culture, accountability
                └───────┬──────┘
       ┌────────────────┼────────────────┐
       │                │                │
  ┌────▼────┐     ┌─────▼────┐     ┌────▼────┐
  │   MAP   │ →   │ MEASURE  │ →   │ MANAGE  │
  │ context │     │  assess  │     │  act &  │
  │ & risk  │     │   risk   │     │  iterate│
  └─────────┘     └──────────┘     └─────────┘

Govern — the cross-cutting function. Policy, culture, accountability structures. Who is the AI risk owner? What is the AI use policy? How is AI risk reviewed at the board level? This function shapes the other three.

Map — establish context. What is the AI system supposed to do? Who are the stakeholders? What are the foreseeable harms? What's in scope? Threat modeling lives here. Stakeholder analysis lives here. Use-case scoping lives here.

Measure — assess and analyze risks. Run the evaluations. Benchmark against safety, bias, accuracy, robustness criteria. Red-team. Adversarial testing. Output metrics that the Manage function can act on.

Manage — prioritize, act, document residual risk. Implement controls. Make go/no-go decisions. Communicate decisions to stakeholders. Maintain the system; respond to incidents; decommission when warranted.

Each function has categories and subcategories

Each function decomposes into named categories (e.g., Govern 1, Govern 2, …) and each category into subcategories (e.g., Govern 1.1, Govern 1.2, …). Each subcategory is an outcome statement. You'll see citations like "NIST AI RMF Govern 1.4" — that points to a specific outcome.

A few subcategories to recognize:

  • Govern 1.1 — Legal and regulatory requirements involving AI are understood, managed, and documented.
  • Map 1.1 — Intended purposes, beneficial uses, context-specific laws, norms, expectations are understood.
  • Map 5.1 — Likelihood and magnitude of each identified risk are determined.
  • Measure 2.7 — AI system security and resilience are evaluated and documented.
  • Manage 4.1 — Post-deployment AI system monitoring is planned and implemented.

You don't memorize all of them. You learn the structure, then look up subcategory IDs when you need to cite one in a finding or audit response.

Mapping engineering activities to functions

Quick reference:

Engineering activity                              RMF function
------------------------------------------------  ----------------------------------------
Writing an AI use policy                          Govern
Threat-modeling an AI feature                     Map
Running a red-team campaign                       Measure
Adding a guardrail; choosing not to add one       Manage
Adding prompt/response logging                    Map (planning) + Manage (operating)
Authoring a model card                            Govern (documentation) + Map (context)
Filing an AI incident report                      Manage

Most engineering work falls in Map, Measure, or Manage. Govern is where the program lives — policies, roles, board reporting.
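As an added example (not part of this lesson or of NIST's own material), a small Python helper that parses the "Function C.S" citation format described above and tallies a set of findings by RMF function, so an audit response shows at a glance which of the four functions it never cites. The finding IDs and citations in SAMPLE_FINDINGS are constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# The four top-level RMF functions; a citation naming anything else is rejected.
FUNCTIONS = ("Govern", "Map", "Measure", "Manage")

# Accepts "NIST AI RMF Govern 1.4", "Govern 1.4" or "govern 1.4": the optional
# prefix and the letter case are normalised away, the numbering is kept as-is.
_CITATION = re.compile(
    r"^(?:NIST\s+AI\s+RMF\s+)?(?P<function>[A-Za-z]+)\s+"
    r"(?P<category>\d+)\.(?P<subcategory>\d+)$"
)

class Citation(NamedTuple):
    function: str      # one of FUNCTIONS
    category: int      # second level, the 1 in "Govern 1.4"
    subcategory: int   # third level (the outcome statement), the 4 in "Govern 1.4"

    def __str__(self) -> str:
        # Canonical form for findings, e.g. "Govern 1.4".
        return f"{self.function} {self.category}.{self.subcategory}"

def parse_citation(text: str) -> Citation:
    """Parse one subcategory citation into function, category and subcategory."""
    match = _CITATION.match(text.strip())
    if not match:
        raise ValueError(f"not a subcategory citation: {text!r}")
    function = match.group("function").capitalize()
    if function not in FUNCTIONS:
        raise ValueError(f"unknown RMF function in citation: {text!r}")
    category, sub = int(match.group("category")), int(match.group("subcategory"))
    if category < 1 or sub < 1:
        raise ValueError(f"category and subcategory numbering starts at 1: {text!r}")
    return Citation(function, category, sub)

def function_coverage(findings: dict[str, str]) -> dict[str, int]:
    """Count findings per RMF function. Every function is listed, so a zero
    shows which part of the Map -> Measure -> Manage loop was never reached."""
    counts = Counter(parse_citation(cite).function for cite in findings.values())
    return {name: counts.get(name, 0) for name in FUNCTIONS}

# Constructed sample findings keyed by finding ID (not from any real assessment).
SAMPLE_FINDINGS = {
    "F-1": "Manage 4.1",               # no documented post-deployment monitoring
    "F-2": "NIST AI RMF Measure 2.7",  # security and resilience never evaluated
    "F-3": "map 5.1",                  # likelihood/magnitude of risks not rated
}
```

Run over SAMPLE_FINDINGS the coverage report shows Govern at zero, which is exactly the gap a reviewer would ask about before accepting the assessment as complete.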

Real-world example

Anthropic's Responsible Scaling Policy (RSP) is publicly available and structurally maps cleanly to NIST AI RMF: their "ASL" tiers correspond to Map (context + risk identification), their "safety evaluations" correspond to Measure, their "deployment commitments" correspond to Manage, and their RSP governance committee corresponds to Govern. Read the RSP alongside RMF — it's the cleanest worked example available.

Key terms

  • Function — the top-level grouping in RMF. Four of them.
  • Category — second-level grouping; numbered within each function.
  • Subcategory — third-level grouping; the specific outcome statement and the unit cited in findings.

References

  • NIST AI RMF 1.0 PDF — https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf
  • NIST AI 600-1 (GenAI Profile) — https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf
  • Anthropic Responsible Scaling Policy — https://www.anthropic.com/

Quiz items

  1. Q: Name the four RMF functions and one engineering activity that maps to each. A: Govern (write AI use policy), Map (threat modeling), Measure (red-team), Manage (add guardrail).
  2. Q: Your finding says "the system lacks documented post-deployment monitoring." Which RMF subcategory is the natural citation? A: Manage 4.1.

Video script (~620 words, ~4.5 min)

[SLIDE 1 — Title]

NIST AI RMF functions. Govern, Map, Measure, Manage. Five minutes.

[SLIDE 2 — The four functions]

Four functions. Govern is the cross-cutting one — policy, culture, accountability structures. The other three form a loop. Map: establish context, identify risks. Measure: assess and analyze those risks. Manage: act on them, document residual risk, iterate.

[SLIDE 3 — Govern]

Govern. The cross-cutting function. Policy, culture, accountability. Who is the AI risk owner? What is the AI use policy? How is AI risk reviewed at the board level? This function shapes the other three. It's where the program lives, even though most engineering work is in Map, Measure, Manage.

[SLIDE 4 — Map]

Map. Establish context. What is the AI system supposed to do? Who are the stakeholders? What are the foreseeable harms? What's in scope? Threat modeling lives here. Stakeholder analysis lives here. Use-case scoping lives here. If you're walking into a new AI project as the security engineer, you're starting in Map.

[SLIDE 5 — Measure]

Measure. Assess and analyze risks. Run the evaluations. Benchmark against safety, bias, accuracy, robustness criteria. Red-team. Adversarial testing. The output of Measure is metrics that the Manage function can act on. If Map is "what could go wrong," Measure is "how often does it actually go wrong, and how bad is it when it does."

[SLIDE 6 — Manage]

Manage. Prioritize, act, document residual risk. Implement controls. Make go/no-go decisions. Communicate to stakeholders. Maintain the system, respond to incidents, decommission when warranted. Manage is the function that produces actual production behavior change.

[SLIDE 7 — Categories and subcategories]

Each function decomposes into named categories and each category into subcategories. You'll see citations like "NIST AI RMF Govern 1.4" — that points to a specific subcategory, a specific outcome statement. A few to recognize: Govern 1.1 — legal and regulatory requirements involving AI are understood and documented. Map 1.1 — intended purposes, uses, context-specific laws, expectations are understood. Map 5.1 — likelihood and magnitude of identified risk are determined. Measure 2.7 — AI system security and resilience are evaluated and documented. Manage 4.1 — post-deployment monitoring is planned and implemented. You don't memorize all of them. You learn the structure, then look up IDs when you cite one.

[SLIDE 8 — Engineering activities to functions]

Quick reference. Writing an AI use policy: Govern. Threat-modeling: Map. Red-team campaign: Measure. Adding a guardrail, or choosing not to: Manage. Prompt and response logging: planned in Map, operated in Manage. Model card: Govern documentation plus Map context. Filing an AI incident report: Manage. Most engineering work falls in Map, Measure, Manage. Govern is where the program lives.

[SLIDE 9 — Worked example anchor]

One anchor. Anthropic's Responsible Scaling Policy is publicly available and maps cleanly to RMF. Their ASL tiers correspond to Map. Their safety evaluations correspond to Measure. Their deployment commitments correspond to Manage. Their RSP governance committee corresponds to Govern. Read the RSP alongside RMF. It's the cleanest worked example available.

[SLIDE 10 — Up next]

Last theory lesson next. EU AI Act — risk tiers and obligations. Five minutes. After that, you build your first threat model in the lab. See you there.

Slide outline

  1. Title — "NIST AI RMF: Govern, Map, Measure, Manage".
  2. Four functions — the diagram from the lesson body.
  3. Govern — dedicated slide; one-line summary + responsibilities list.
  4. Map — same shape.
  5. Measure — same shape.
  6. Manage — same shape.
  7. Categories/subcategories — the 5-citation list with subcategory IDs highlighted.
  8. Engineering activities → functions — the mapping table from the lesson body.
  9. Anthropic RSP anchor — RSP overview diagram with functions color-coded.
  10. Up next — "L2.5.3 — EU AI Act, ~5 min."

Production notes

  • Recording: ~4.5 min. Cap 5.
  • Slide 7 with the 5 subcategory citations is the slide learners will reference most when writing findings — keep the formatting tight.