NIST AI RMF organises risk management around four functions: Govern, Map, Measure, Manage. Observatory maps 16 of the framework’s high-impact subcategories to operational controls.
The four functions
A healthy AI RMF posture closes the loop: governance decisions feed mapping, mapping feeds measurement, measurement feeds management, and management updates governance.
Mapped subcategories
Govern (4 mapped)

| Subcategory | Backing controls |
| --- | --- |
| Govern 1.1 — policies and procedures | Policies + Audit Trail |
| Govern 1.4 — accountability and roles | RBAC + AI Registry ownership |
| Govern 4.1 — AI risk management training | Manual evidence |
| Govern 5.1 — communication channels | Manual evidence (incident-comms plan) |

Map (4 mapped)

| Subcategory | Backing controls |
| --- | --- |
| Map 1.1 — AI system context | AI Registry metadata |
| Map 1.2 — intended use and limitations | AI Registry + manual evidence |
| Map 3.3 — record-keeping | Telemetry + retention setting |
| Map 5.1 — third-party AI components | AI Registry vendor section |

Measure (4 mapped)

| Subcategory | Backing controls |
| --- | --- |
| Measure 1.1 — relevant metrics | Analytics |
| Measure 2.3 — performance over time | Drift Monitor |
| Measure 2.7 — security tests | Policies (prompt-injection) + Evidence |
| Measure 4.2 — feedback mechanisms | Thread feedback + Evidence |

Manage (4 mapped)

| Subcategory | Backing controls |
| --- | --- |
| Manage 1.1 — prioritise risks | Risk Dashboard |
| Manage 2.3 — incident response | Alerts + Audit Trail |
| Manage 3.1 — manage third-party risks | AI Registry vendor section |
| Manage 4.1 — communicate to stakeholders | Compliance heatmap export |

Overlap with EU AI Act
Several NIST subcategories overlap directly with EU AI Act requirements:

| NIST subcategory | Overlaps with |
| --- | --- |
| Govern 1.1 | EU AI Act Article 9 (risk management) |
| Map 3.3 | EU AI Act Article 12 (record-keeping) |
| Measure 2.3 | EU AI Act Article 15 (robustness) |
| Manage 2.3 | EU AI Act Article 62 (incident notification) |

Closing one usually closes both. The gap analysis prioritises remediation by cross-framework impact.
Producing the audit pack
The export has the same shape as the EU AI Act audit pack: a ZIP with per-subcategory evidence and the framework score.
POST /api/compliance/export?framework=nist-ai-rmf&app_id=...
EU AI Act: sister framework with significant overlap.
Risk Dashboard: where Manage 1.1 (prioritise risks) is operationalised.