The four functions
A healthy AI RMF posture closes the loop: governance decisions feed mapping, mapping feeds measurement, measurement feeds management, and management updates governance.Mapped subcategories
Govern (4 mapped)
Map (4 mapped)
Measure (4 mapped)
Manage (4 mapped)
Overlap with EU AI Act
Several NIST subcategories overlap directly with EU AI Act requirements:
Closing one usually closes both. The gap analysis prioritises remediation by cross-framework impact.
Producing the audit pack
Same shape as EU AI Act: a ZIP with per-subcategory evidence and the framework score.Related resources
EU AI Act
Sister framework with significant overlap.
Risk Dashboard
Where Manage 1.1 (prioritise risks) is operationalised.

