Working Checklists for the NIST AI RMF: A Practical Tips Series: MANAGE
Learn practical MANAGE function checklists for the NIST AI RMF. Turn AI risk response from improvisation into real governance execution.

MANAGE****
Part 4 of 4 — GOVERN, MAP, MEASURE, MANAGE
MANAGE is the function that gets tested in public. GOVERN, MAP, and MEASURE can all be wrong quietly, for a long time, without anyone outside the organization noticing. MANAGE is different. MANAGE is what happens after a risk has already materialized, and the gap between real management and its imitation shows up immediately to whoever is affected: a customer, a regulator, the press, your own leadership.
This is also the function most likely to be delegated to incident response teams as if it were purely reactive. It isn’t. MANAGE includes the decisions made before anything goes wrong (resourcing, third-party contingency planning, disengagement criteria) that determine whether your response, when it comes, looks competent or improvised. Here’s the checklist, organized by NIST’s four MANAGE categories.
MANAGE 1: Risks Are Prioritized and Responded To, Not Just Logged
- There’s a real decision point, before deployment and periodically after, on whether the AI system still achieves its intended purpose well enough to justify its risk
- Documented risks are prioritized using something more rigorous than recency or who complained loudest. Impact, likelihood, and available resources actually drive the order
- For each significant risk, there’s a stated response (mitigate, transfer, avoid, or accept) and “accept” is a decision someone with authority actually made, not a default that happened by inaction
- Residual risk is documented explicitly, not implied by the absence of further discussion
Theater vs. real:Theater is a risk log where every entry says “monitoring” indefinitely. Real is a log where risks visibly move — mitigated, accepted with a name attached, or escalated — because someone is actually deciding, not just watching.
MANAGE 2: Strategies to Manage Impact Are Actually Implemented
- Resources are allocated to manage identified risks, not just promised in a plan that assumes someone will find the capacity later
- There are real mechanisms to sustain the value of a deployed system over time not a one-time launch checklist treated as permanent proof of soundness
- A defined procedure exists for disengaging or deactivating an AI system if it’s underperforming or causing harm, and that procedure doesn’t depend entirely on the goodwill of the team that built it
- Risk controls for third-party components feed back into this system’s specific management plan, not just a general vendor file
Theater vs. real:Theater is a “kill switch” that exists in a diagram but has never been discussed as something anyone would actually pull, or how. Real is a documented instance — even a small one — of a system being paused, scaled back, or retired because the management plan said it should be.
MANAGE 3: Third-Party Risk Is Managed, Not Just Mapped
- Risks and benefits from third-party AI components are actively managed on an ongoing basis — not assessed once at onboarding and left static
- Pre-agreed procedures exist for third-party failure scenarios and they’ve been discussed with the vendor, not just assumed
- Contract terms reflect the actual risk profile of the dependency
Theater vs. real:Theater is a vendor risk file that gets refreshed annually regardless of what changed. Real is a vendor relationship where a specific event — a model update, an incident disclosed by the vendor, a new regulatory requirement — visibly triggered a reassessment.
MANAGE 4: Incidents Are Actually Handled, Not Just Anticipated
- Post-deployment monitoring is active, not aspirational. There’s a real process catching real signals, not just a plan describing what monitoring would ideally look like
- There are measurable, tracked activities for continual improvement. This is not a general commitment to “iterate,” but specific changes tied to specific findings
- An incident communication plan exists and names who talks to whom, in what order, within what timeframe
- The incident plan has been tested before you need it for real
Theater vs. real:Theater is an incident response plan that was written for the ISO audit and never rehearsed. Real is a plan that’s been through at least one dry run rough enough that you found something to fix in it.
The test that cuts across all four
MANAGE is where governance either pays for itself or gets exposed as decoration. Everything upstream exists to make this function possible. If, when something agoes wrong, your organization is improvising instead of executing something it already decided in advance, the first three functions didn’t fail. MANAGE did. And it’s the one function nobody outside your organization will forgive you for getting wrong in front of them.
That closes the series. Read together, GOVERN, MAP, MEASURE, and MANAGE aren’t four separate compliance exercises — they’re one continuous test of whether your AI governance program does anything, or just describes what doing something would look like.
Put these ideas to work.
Schedule a 30-minute walkthrough with our team.