GOVERN (NIST AI RMF)
The cross-cutting function of the NIST AI RMF focused on establishing and maintaining the organizational policies, processes, procedures, and practices needed for AI risk management. Unlike Map, Measure, and Manage — which apply to individual AI systems — GOVERN applies across the entire organization.
Why It Matters
GOVERN is the foundation that makes the other three functions possible. Without organizational commitment, clear roles, and established policies, system-level risk management efforts have no structural support.
Example
Under the GOVERN function, a company establishes an AI risk tolerance statement approved by the board, defines roles for an AI governance committee, creates a third-party AI risk policy, and implements AI-specific training for all business units.
Think of it like...
GOVERN is like a city's zoning laws and building department — the individual buildings (AI systems) get their own inspections, but GOVERN sets the rules, staffs the department, and ensures the whole system works.
Related Terms
NIST AI Risk Management Framework (AI RMF)
A voluntary framework published by the U.S. National Institute of Standards and Technology that provides structured guidance for managing AI risks through four core functions: Govern, Map, Measure, and Manage. It's designed to be flexible, sector-agnostic, and compatible with other risk management frameworks.
MAP (NIST AI RMF)
The NIST AI RMF function focused on establishing context, identifying risks, and understanding an AI system's purpose, stakeholders, and potential impacts. MAP activities include defining the use case, identifying affected populations, assessing benefits and costs, and cataloguing risks before development begins.
MEASURE (NIST AI RMF)
The NIST AI RMF function focused on quantifying, assessing, and tracking identified AI risks using metrics, tests, and evaluation methods. MEASURE activities include bias testing, performance benchmarking, explainability assessment, and security evaluation across the AI lifecycle.
MANAGE (NIST AI RMF)
The NIST AI RMF function focused on allocating resources, prioritizing actions, and responding to AI risks based on insights from the Map and Measure functions. MANAGE activities include risk prioritization, mitigation implementation, incident response, continuous monitoring, and decommissioning decisions.