
This is the AI RMF gap assessment, not the checklist version. Most write-ups treat GOVERN, MAP, MEASURE, and MANAGE as four boxes to tick. In practice, the interesting failure isn’t which box is empty — it’s the pattern across the boxes. That pattern is what tells you whether your AI program is actually managing risk or just documenting that it thought about risk once.
The trap: treating AI RMF like a checklist
NIST AI RMF 1.0 is voluntary and non-prescriptive by design. That flexibility is the point — it’s supposed to flex to your context, your risk tolerance, your regulatory exposure. But voluntary frameworks have a predictable failure mode: organizations write the GOVERN policy, feel the box getting checked, and stop.
Nineteen categories across four functions look like a checklist. They’re not. They’re a chain. And chains break at the weakest link, not the first one.
The four functions, in the order risk actually moves through them
| Function | What it does | The practitioner question |
|---|---|---|
| GOVERN | Sets accountability, roles, and risk tolerance — underpins everything else | Who actually owns this when it breaks? |
| MAP | Establishes context before a system ships — intended use, stakeholders, foreseeable misuse | What did we assume this AI system would not be used for? |
| MEASURE | Applies quantitative and qualitative tools to assess risk across the lifecycle | Are we measuring drift, or just measuring at launch? |
| MANAGE | Prioritizes, resources, and acts on the response, then feeds lessons back to GOVERN | Does anything we learn in production change the policy? |
Most organizations can point to artifacts for GOVERN. Far fewer can show a MAP document for a specific deployed AI system. Almost none have MEASURE instrumented as an ongoing signal rather than a one-time test.
The gap pattern that actually predicts failure
Here’s the part the generic AI RMF explainer post skips: which combination of strong/weak functions you have tells you why your program is weak, not just that it’s weak.
| What we see in the field | What’s really going on | Where to focus first |
|---|---|---|
| GOVERN complete, MAP/MEASURE weak | Policy was written, never operationalized against a real system | Run a system-level risk assessment (MAP) on your highest-exposure AI use case — not a hypothetical one |
| MAP done, MEASURE absent | Risk was identified in a workshop, never instrumented | Define metrics for each identified risk and put monitoring behind them |
| MEASURE present, no MANAGE action | You’re collecting data nobody owns | Assign a risk owner and a review date to every metric that’s tracked |
| Strong technical controls, weak societal-risk view | Engineering-led program with no outside perspective | Bring legal, ethics, or affected-user perspective into MAP 3 and MEASURE 2 |
| No lifecycle coverage | Only deployment gets attention | Extend coverage back to design/development and forward to decommission |
If you recognize your organization in the first row — GOVERN strong, everything else thin — that’s not a failed program. That’s a program that stopped at the easiest 20%.
Financial services is the hard mode of AI RMF, not the easy mode
Every AI RMF post talks about bias in hiring algorithms. Financial services has that problem and three others stacked on top of it:
- Credit decision fairness: disparate impact analysis isn’t optional. The usual screening test is the four-fifths rule borrowed from the EEOC’s employment guidelines (a group whose approval rate is below 80% of the highest group’s rate is a red flag, not a verdict), and adverse action notices have to be explainable to a person, not just accurate to a model.
- Explainability under legal obligation: ECOA and CFPB guidance mean MEASURE 2 (“system evaluated for trustworthiness”) isn’t a nice-to-have property; it’s the difference between a defensible decision and a discrimination claim.
- Fraud model drift: a fraud-detection model that was 94% accurate at launch and hasn’t been re-measured since is a MEASURE 3 gap with a very expensive failure mode. Headline accuracy is also the wrong number to re-measure: at a 1% fraud rate a model that flags nothing is 99% accurate, so the ongoing signal has to be precision, recall and false-positive cost per period.
For a platform handling M&A due diligence or financial data rooms, the stakes compound further: the AI risk profile has to sit on top of an existing confidentiality and access-control posture, not replace it.
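A concrete form of the disparate-impact screen described above, as an added example that is not part of the original post: it computes each group’s approval rate from a batch of credit decisions, takes the highest-rate group as the reference (the EEOC guideline’s convention), and flags any group whose impact ratio falls below 0.8. The decision records, the group names and the 30-applicant minimum before a flag is raised are constructed for illustration.

```python
"""Four-fifths (adverse impact ratio) screen over credit decisions.

Added example. DECISIONS is a constructed sample, not real lending data.
"""
from collections import defaultdict

# Constructed records: (applicant group, approved?). Group names are placeholders.
DECISIONS = (
    [("group_a", True)] * 80 + [("group_a", False)] * 20   # 80% approved
    + [("group_b", True)] * 56 + [("group_b", False)] * 44  # 56% approved
    + [("group_c", True)] * 38 + [("group_c", False)] * 12  # 76% approved
    + [("group_d", True)] * 2 + [("group_d", False)] * 8    # 20%, only 10 applicants
)


def selection_rates(decisions):
    """Return ({group: approval rate}, {group: applicant count})."""
    totals = defaultdict(int)
    approved = defaultdict(int)
    for group, ok in decisions:
        totals[group] += 1
        if ok:
            approved[group] += 1
    rates = {g: approved[g] / totals[g] for g in totals}
    return rates, dict(totals)


def four_fifths_check(decisions, threshold=0.8, min_group_size=30):
    """Flag groups whose approval rate is below `threshold` x the reference rate.

    The reference group is the one with the highest approval rate. Groups smaller
    than `min_group_size` (an assumed cutoff) are reported but not flagged, because
    a ratio computed from a handful of applicants is noise, not evidence.
    """
    rates, counts = selection_rates(decisions)
    reference = max(rates, key=rates.get)
    ref_rate = rates[reference]
    report = {}
    for group, rate in rates.items():
        ratio = rate / ref_rate if ref_rate else 0.0
        small = counts[group] < min_group_size
        report[group] = {
            "n": counts[group],
            "selection_rate": round(rate, 4),
            "impact_ratio": round(ratio, 4),
            "too_small_to_judge": small,
            "flag": (ratio < threshold) and not small,
        }
    return reference, report


def flagged_groups(decisions, **kwargs):
    """Names of groups that fail the screen, sorted for stable output."""
    _, report = four_fifths_check(decisions, **kwargs)
    return sorted(g for g, row in report.items() if row["flag"])


if __name__ == "__main__":
    ref, rep = four_fifths_check(DECISIONS)
    print(f"reference group: {ref}")
    for g in sorted(rep):
        print(g, rep[g])
```

Run it and group_b is flagged (ratio 0.70), group_c passes (0.95), and group_d is reported as too small to judge even though its raw ratio is 0.25; lowering `min_group_size` turns that into a flag, which is the point of keeping the sample-size guard explicit rather than buried in a threshold.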
Building the profile: current state vs. target state
The mechanism that actually closes gaps is simpler than the framework makes it look:
- Scope — pick the AI systems in scope. Not “all AI, eventually.” One system, real and deployed.
- Rate current state — for each of the 19 categories: Not Started (0) → Partial (1) → Implemented (2) → Optimized (3).
- Set target state — driven by regulatory exposure and risk tolerance, not aspiration.
- Gap = Target minus Current. Anywhere that’s positive is where the roadmap lives.
- Weight by risk, not by ease. The gap that’s easiest to close isn’t necessarily the one that matters.
Most organizations we assess land at Tier 1 or 2 (Partial/ad hoc or Risk Informed) on the NIST CSF-style implementation tiers; AI RMF 1.0 itself defines profiles rather than tiers, so this is a borrowed maturity scale. Tier 3 (Repeatable) is the realistic target for a regulated environment. Tier 4 (Adaptive) is for organizations where AI is the product, not a feature.
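The scoring mechanism above worked through in code, as an added example that is not part of the original post: rate the 19 categories, take gap = target minus current, weight by risk, and then read the cross-function pattern from the per-function averages instead of from any single empty box. The category numbers follow AI RMF 1.0; the ratings, the 1–3 risk weights and effort scores, and the 2.0/1.0 thresholds that decide “strong” and “weak” are constructed assumptions, and only the first three rows of the field-pattern table are encoded because the last two need information a rating sheet does not carry.

```python
"""AI RMF profile: current vs target per category, risk-weighted gap, and pattern.

Added example. Ratings, weights, efforts and thresholds are constructed.
"""
from dataclasses import dataclass

SCALE = {0: "Not Started", 1: "Partial", 2: "Implemented", 3: "Optimized"}


@dataclass(frozen=True)
class Rating:
    category: str   # e.g. "MEASURE 3" (AI RMF 1.0 numbering)
    current: int    # 0..3 on SCALE
    target: int     # 0..3, set by regulatory exposure and risk tolerance
    weight: int     # risk weight 1..3 (assumed scale)
    effort: int     # closure effort 1..3 (assumed scale)

    def __post_init__(self):
        for name in ("current", "target"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{self.category}: {name} must be 0..3")

    @property
    def function(self) -> str:
        return self.category.split()[0]

    @property
    def gap(self) -> int:
        return max(self.target - self.current, 0)

    @property
    def weighted_gap(self) -> int:
        return self.gap * self.weight


# Constructed ratings for one deployed system: (category, current, target, weight, effort).
PROFILE = [Rating(*row) for row in [
    ("GOVERN 1", 2, 3, 2, 1), ("GOVERN 2", 2, 2, 1, 1), ("GOVERN 3", 2, 2, 1, 1),
    ("GOVERN 4", 2, 3, 1, 2), ("GOVERN 5", 2, 2, 1, 1), ("GOVERN 6", 2, 2, 1, 2),
    ("MAP 1", 1, 3, 3, 2), ("MAP 2", 1, 2, 2, 1), ("MAP 3", 0, 2, 2, 2),
    ("MAP 4", 1, 3, 3, 3), ("MAP 5", 0, 3, 3, 3),
    ("MEASURE 1", 1, 3, 3, 2), ("MEASURE 2", 0, 3, 3, 3),
    ("MEASURE 3", 0, 3, 3, 3), ("MEASURE 4", 1, 2, 2, 2),
    ("MANAGE 1", 1, 2, 2, 2), ("MANAGE 2", 1, 2, 2, 2),
    ("MANAGE 3", 1, 3, 2, 2), ("MANAGE 4", 0, 2, 2, 1),
]]


def function_scores(profile):
    """Mean current rating per function: the signal the pattern table reads."""
    sums, counts = {}, {}
    for r in profile:
        sums[r.function] = sums.get(r.function, 0) + r.current
        counts[r.function] = counts.get(r.function, 0) + 1
    return {f: sums[f] / counts[f] for f in sums}


def diagnose(scores, strong=2.0, weak=1.0):
    """Map per-function averages onto the first three field patterns."""
    g, m, me, ma = (scores.get(k, 0.0) for k in ("GOVERN", "MAP", "MEASURE", "MANAGE"))
    if g >= strong and m <= weak and me <= weak:
        return "GOVERN complete, MAP/MEASURE weak"
    if m >= strong and me <= weak:
        return "MAP done, MEASURE absent"
    if me >= strong and ma <= weak:
        return "MEASURE present, no MANAGE action"
    return "no single dominant pattern"


def roadmap(profile):
    """Open gaps ordered by risk-weighted size, largest first."""
    return sorted((r for r in profile if r.gap > 0),
                  key=lambda r: (-r.weighted_gap, r.category))


def easiest_first(profile):
    """The ordering the text warns against: cheapest closure first."""
    return sorted((r for r in profile if r.gap > 0),
                  key=lambda r: (r.effort, -r.weighted_gap, r.category))


if __name__ == "__main__":
    scores = function_scores(PROFILE)
    print({f: round(s, 2) for f, s in scores.items()})
    print("pattern:", diagnose(scores))
    for r in roadmap(PROFILE)[:5]:
        print(f"{r.category:<10} gap={r.gap} weighted={r.weighted_gap} effort={r.effort}")
    print("cheapest first would start with:", easiest_first(PROFILE)[0].category)
```

On this constructed profile GOVERN averages 2.0 while MAP and MEASURE sit at 0.6 and 0.5, so `diagnose` returns the first-row pattern; the risk-weighted roadmap starts with MAP 5, MEASURE 2 and MEASURE 3, whereas sorting by effort would start with MANAGE 4, which is exactly the substitution the “weight by risk, not by ease” step exists to prevent.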
Why AI RMF pairs with ISO 42001 instead of competing with it
AI RMF is voluntary; it doesn’t get you a certificate. ISO/IEC 42001 does. The two aren’t rival frameworks — AI RMF is the risk methodology; ISO 42001 is the management system that makes it auditable.
Concretely: GOVERN 1 (policies in place) maps to ISO 42001 Clause 5 and Annex A.2. MEASURE 3 (ongoing monitoring) maps to Clause 9.1. If you’re already running an ISMS under ISO 27001, this isn’t a parallel program — it’s an extension with about 70% conceptual overlap and a genuinely new 30% around bias, explainability, and AI-specific incident response.
That’s the sequence that actually gets audited in production: AI RMF gives you the risk logic; ISO 42001 gives you the certifiable structure to prove you’re running it.
The one-sentence version
If your AI governance program can describe its policy but can’t name the owner, the metric, and the last review date for a single deployed AI system — you don’t have a gap in one function. You have a program that only did the part that doesn’t get tested.
Building or auditing an AI risk management program against NIST AI RMF, ISO 42001, or the EU AI Act? That’s the work — happy to talk through where your program actually stands.
The AI RMF Gap Nobody’s Talking About: Why GOVERN-Heavy Programs Still Fail Audits