GOVERN
Establish governance structures, policies, and processes for managing AI risks.
How Arx supports GOVERN:
- Define blast radius and approval authorities for each agent
- Establish ownership and accountability through Agent Registry
- Document governance decisions in Audit Trail
- Version control policies alongside agent code
MAP
Identify and characterize AI risks, including input quality, model capabilities, and failure modes.
How Arx supports MAP:
- Registry tracks agent capabilities (connectors, actions, blast radius)
- Simulation mode tests agents against historical data to identify edge cases
- Risk scoring identifies high-risk actions
- Connector permissions define input boundaries
MEASURE
Monitor AI systems and collect performance data throughout their lifecycle.
How Arx supports MEASURE:
- Comprehensive audit logging of all actions and outcomes
- Risk scoring on every action
- Approval latency metrics
- Action success/failure rates by agent and connector
- SIEM integration for real-time monitoring
MANAGE
Plan, implement, and oversee mitigation strategies and response processes.
How Arx supports MANAGE:
- Approval gates prevent execution of high-risk actions
- Policy updates can be deployed instantly
- Agents can be suspended or rate-limited without code changes
- Incident response can be traced through the audit trail
Mapping agents to the framework
In Arx, each agent records its NIST AI RMF coverage:
- GOVERN — agent owner assigned, policies defined
- MAP — blast radius declared, simulation passed
- MEASURE — audit trail enabled, monitoring active
- MANAGE — approval gates in place, escalation procedures defined
Use these tags to filter agents and assess organizational AI risk posture.