NIST AI RMF 1.0 — capability crosswalk
If your AI risk program needs to implement the four NIST AI RMF functions — GOVERN, MAP, MEASURE, and MANAGE — here is how each maps to the AGLedger record, the Signed Statement chain, the dispute path, and the Settlement Signal surface.
The crosswalk is a capability mapping. AGLedger provides the evidence pattern; your program provides the risk methodology, the tolerances, and the response decisions.
Last updated: 2026-05-26 · API v0.25.4
If your AI program needs to evidence NIST AI RMF MEASURE controls, the crosswalk below applies. The same evidence pattern — signed records, hash-chained, append-only — also supports non-AI automated work under SOX, GLBA, HIPAA, and other control families that require tamper-evident audit trails for RPA, CI pipelines, and microservice handoffs. AGLedger is software you self-host; the regulations are AI-framed, the underlying evidence pattern is not.
GOVERN
Establish and maintain policies, processes, and accountability structures for AI risk management.
AGLedger provides
- Structured accountability chain for every automated operation (record → completion → verdict)
- Role-based access: principal, performer, accessor with defined authority scopes
- Append-only audit vault records every policy decision and oversight action
- Cross-record compliance attestation records linked to audit chain
Enterprise owns
- Defining governance policies and risk tolerances
- Designating responsible individuals and their authority
- Establishing organizational AI risk management strategy
MAP
Identify, categorize, and document AI risks in context.
AGLedger provides
- Risk level and domain classification per record (maps to Annex III categories)
- Structured records linking each automated operation to its risk context
- Federation enables cross-organizational risk mapping with sovereign data
- Custom schemas allow domain-specific risk categorization
Enterprise owns
- Performing the risk assessment
- Determining risk categories and thresholds
- Mapping AI systems to organizational context
MEASURE
Analyze, assess, and track AI risks and impacts.
AGLedger provides
- Tolerance bands enforce numeric bounds on record criteria
- Timeliness evidence — every state transition timestamped and signed
- Reputation scoring tracks agent reliability across records
- Drift detection across model updates and provider changes (most useful in federated deployments)
- Audit vault queryable for cross-record analysis of acceptance, rejection, and revision rates
Enterprise owns
- Defining measurement criteria and acceptable thresholds
- Interpreting measurement results
- Deciding what corrective action to take
MANAGE
Allocate resources and implement plans to respond to AI risks.
AGLedger provides
- 3-tier dispute resolution: self-resolution, mediation, human escalation
- Remediation states and revision workflow for corrective actions
- Settlement Signal (SETTLE/HOLD) routes outcomes to downstream systems
- Full chain exportable for regulatory submission and third-party audit
Enterprise owns
- Resource allocation decisions
- Risk response strategy and implementation
- Ongoing monitoring program design
These obligations exist because automated work needs structurally durable evidence. Whether or not your jurisdiction enforces them on schedule, the engineering requirement is real today. AGLedger provides the evidence pattern; your compliance program provides the policy and process around it.