NIST AI RMF MEASURE Function: The Controls That Produce Auditable Evidence
The NIST AI Risk Management Framework organizes risk management into four functions: GOVERN, MAP, MEASURE, and MANAGE. MEASURE is the function that produces the operational evidence the other three functions depend on. The framework defines four categories under MEASURE, with 18 subcategories that specify what to assess and how to assess it. This article walks each category, the controls a deployer needs in production to satisfy them, the artifacts the controls produce, and where a stateless policy gateway sits in the evidence chain.