On this page
TL;DR
MANAGE is the fourth and final function in NIST AI 100-1 (AI RMF 1.0, January 2023) and contains four subcategories, MANAGE 1 through MANAGE 4. Where GOVERN sets policy and MAP sets per-system context, MANAGE turns measured risks into prioritised responses, allocates resources, communicates risk to stakeholders, and closes the learning loop. Source: NIST AI 100-1. Updated 2026-05-20.
Why MANAGE comes last and why that matters
MANAGE is the function where measured risks become operational decisions, with named owners, dated deadlines, and budget attached. The three earlier functions produce artefacts; MANAGE is where those artefacts cause something to happen. NIST AI 100-1 places MANAGE last on purpose: without context (MAP) and measurement (MEASURE), risk response is guesswork, and risk communication is performance art.
For CISOs working through the cluster from GOVERN and MAP, MANAGE is where the programme either becomes self-sustaining or stalls. Each AI system on the inventory needs four outputs from MANAGE: a prioritised risk response with named owners, an explicit resource allocation that the budget actually reflects, a documented communication plan that reaches affected stakeholders, and a continuous improvement record that ties incidents and near-misses back into the governance loop. Those four outputs correspond exactly to MANAGE 1 through MANAGE 4.
At Areebi, we built the response workflow so that MANAGE outputs are generated as a natural product of incident handling, quarterly review, and budget cycles, rather than as a separate compliance artefact. The strategic point: MANAGE is where most AI programmes fail in their second year, because the rest of the framework can be performed once whereas MANAGE has to be performed continuously.
The 4 MANAGE subcategories explained with examples
NIST AI 100-1 organises MANAGE into four subcategories, each describing a per-system or programme-level outcome the organisation should achieve. The subcategory IDs (MANAGE 1, MANAGE 2, and so on) are the canonical reference used by auditors, regulators, and procurement teams. Each one below explains the outcome, gives a concrete CISO-level example, and points to the Areebi capability that operationalises it.
MANAGE 1: AI risks are prioritised, responded to, and managed
MANAGE 1 requires that AI risks identified through MAP and characterised through MEASURE are prioritised based on impact, likelihood, and the organisation's risk tolerance, and that documented response strategies are applied. The outcome is a ranked, time-bound risk register with assigned owners and response strategies (accept, transfer, mitigate, avoid) per risk item.
A concrete example: a regional bank CISO maintains a per-system risk register for the customer-service chatbot. MEASURE outputs flag three high-priority risks (prompt injection bypass of refund-limit guardrails, hallucinated regulatory disclosures during account opening, and PII leakage through unsanitised logging). The CISO ranks these by impact-times-likelihood, with the regulatory hallucination risk top because the consumer protection regulator has signalled appetite for enforcement on AI-generated disclosures. The response strategy: mitigate via a deterministic disclosure template that the model must use verbatim, with a rejection rule if the model output deviates from the template. The owner is the head of customer experience, the deadline is 30 days, the budget impact is documented, and the residual risk after mitigation is re-scored and routed back to the AI Governance Committee for acceptance.
The trap to avoid: treating the risk register as a spreadsheet that lives on the GRC team's laptop. NIST AI 100-1 expects the register to be the operational system of record for AI risk, integrated with the inventory and the incident management process. Areebi dashboards surface the ranked risk register by owner and by system, so that the prioritisation discipline is visible to executives without a separate reporting cycle.
MANAGE 2: Strategies to maximise benefits and minimise risks are planned and resourced
MANAGE 2 requires that the organisation allocates resources (people, money, tooling) commensurate with the prioritised risks and the expected benefits of the AI system. The outcome is a documented resource plan that maps each high-priority risk response to a budget line and a named team, with the executive sponsor on record.
A concrete example: a mid-market insurer with twelve AI systems on the inventory ties the MANAGE 2 plan to the annual budget cycle. The top three high-impact systems (claims triage, fraud detection, and underwriting assistant) receive a dedicated 0.5 FTE model risk analyst each. The next four systems share a single 0.5 FTE. The remaining five low-impact systems are reviewed by the central governance team on a rotating quarterly cadence with no dedicated resource. Tooling spend is allocated proportionally: red teaming for the top three, automated drift monitoring for the top seven, monthly policy review for all twelve. The CFO signs the resource plan, the CISO owns delivery, and the AI Governance Committee reviews the resource-to-risk ratio quarterly to catch any drift.
The trap to avoid: under-resourcing high-impact systems because they are "working fine". NIST is explicit that resource allocation must reflect the prioritised risks, not the squeaky-wheel pattern of past incidents. ISO/IEC 42001 clause on resource allocation reinforces this point and is one of the items external auditors test most consistently. The AI governance ROI business case covers how to articulate this resource ratio to a sceptical CFO using cost-of-incident framing.
MANAGE 3: AI risks and benefits are communicated to relevant parties
MANAGE 3 requires that the organisation communicates AI risks and benefits to the relevant internal and external stakeholders in a form they can act on. The outcome is a documented communication plan that names audiences, formats, cadences, and the specific person responsible for each channel.
A concrete example: a public sector CISO running an eligibility-triage model maintains five distinct communication channels. Channel 1: the AI Governance Committee receives a quarterly risk dashboard with residual risk by system, ranked response items, and incidents-and-near-misses log. Channel 2: the responsible Minister or Secretary receives a one-page risk summary tied to programme delivery KPIs, semi-annually. Channel 3: front-line caseworkers receive a monthly "what the model can and cannot do" briefing with concrete examples of recent edge cases, in plain language. Channel 4: affected citizens receive a published model card and a simple appeal route, kept current on the public-facing site. Channel 5: the relevant regulator or oversight body receives the disclosures required by the applicable AI Act or sector regulation, on the schedule defined by that regulator. Each channel has a named owner, a defined format, and a documented frequency.
The trap to avoid: treating risk communication as a one-way executive briefing. NIST AI 100-1 contemplates a two-way channel with feedback captured and routed back into the governance loop. EO 14110 (October 30, 2023) extended this expectation for US federal agencies, and OMB M-24-10 (March 28, 2024) made it operational through agency-specific publication and transparency requirements. The Areebi audit log records each disclosure event so that the organisation can prove its communication cadence to auditors and regulators on request.
MANAGE 4: Risk treatments are tracked, communicated, and updated based on incidents and feedback
MANAGE 4 requires that the organisation tracks the effectiveness of risk treatments over time, captures lessons from incidents and near-misses, and updates the rest of the AI RMF (back through GOVERN, MAP, and MEASURE) accordingly. The outcome is a continuous improvement record that demonstrates the framework is a living system rather than a one-time deployment.
A concrete example: a healthcare CISO running a clinical documentation assistant logs every incident, near-miss, and clinician-reported issue against the system. Each entry includes the trigger (what happened), the immediate response (what was done in the moment), the root cause analysis (why it happened), the systemic change (what GOVERN, MAP, or MEASURE artefact must be updated), and the verification step (how the organisation will confirm the change worked). Quarterly, the CISO and the chief medical informatics officer review the log and feed material findings back into the next version of the policy, the impact assessment, and the measurement plan. Annually, the AI Governance Committee reviews the entire learning loop and reports to the board on programme maturity.
The trap to avoid: closing incidents without updating upstream artefacts. NIST AI 600-1 (the Generative AI Profile, published 2024-07-26) is explicit that learning from generative AI incidents must feed back through the framework rather than dead-ending in an incident report. This is also where the EU AI Act post-market monitoring requirements bite for high-risk systems: the EU AI Act expects evidence that incident data is shaping the management of the system over time, not just being filed. The Areebi platform inventory binds incident records to the model and policy version that was in production at the time of the incident, so that root cause analyses cannot lose track of which configuration was implicated.
See Areebi in action
Get a 30-minute personalised demo tailored to your industry, team size, and compliance requirements.
Get a DemoCommon pitfalls
Three pitfalls show up repeatedly when CISOs operationalise MANAGE, and each one is avoidable with a small amount of design discipline at programme kickoff.
Pitfall 1: Risk registers that are GRC-team artefacts. The MANAGE 1 register lives on a single analyst's laptop, sees the light of day once a quarter, and never drives a control decision in real time. Avoid this by surfacing the ranked register on the operational dashboard, with the top three response items per system shown to the owner each week. The Areebi platform dashboard does this by default, which is why building the AI governance programme on a control plane rather than a spreadsheet pays back quickly.
Pitfall 2: Resource plans that ignore the prioritisation. The MANAGE 2 plan is built from last year's headcount and last year's tooling spend, with a token nod to the risk register. The high-impact systems are under-resourced, the low-impact systems are over-monitored, and the programme drifts. Avoid this by binding the annual budget cycle to the risk-tier classification in the inventory, so that any system that moves to high-impact triggers a resource review and any system that stays at high-impact retains its dedicated resource by default.
Pitfall 3: Communication that does not reach the people who need it. The MANAGE 3 plan covers the AI Governance Committee and the board but never reaches front-line operators, affected populations, or external regulators in a form they can act on. Avoid this by drafting the communication plan from the outside in: name the regulator, the citizen, and the operator first, then work back to the executive. The EU AI Act transparency obligations are the harshest external benchmark, and a plan that meets them tends to satisfy lighter regimes too.
MANAGE-to-Areebi capability mapping
The table below maps each MANAGE subcategory to the Areebi platform capability that implements it. The mapping is intentionally conservative - we list only capabilities that ship in the platform today, cross-checked against the NIST AI RMF hub and the platform overview.
| Subcategory | Outcome | Areebi capability | Where to look |
|---|---|---|---|
| MANAGE 1 | Risks prioritised, responded to, managed | Per-system ranked risk register with named owners, response strategy, and time-bound deadline; integrated with the system inventory | /platform#dashboard |
| MANAGE 2 | Strategies planned and resourced | Resource-to-risk-tier binding with executive sign-off; budget cycle integration; quarterly resource review workflow | /platform |
| MANAGE 3 | Risks and benefits communicated | Multi-channel communication plan templates (committee, executive, front-line, citizen, regulator) with audit log of each disclosure | /platform#audit |
| MANAGE 4 | Treatments tracked and updated | Incident, near-miss, and feedback log bound to model and policy version; quarterly continuous improvement review | /platform#policy |
If you want to validate this mapping against your own environment, the Areebi AI Governance Assessment scores your current state across all four MANAGE outcomes and produces a prioritised remediation plan.
MANAGE implementation checklist
Use the checklist below to verify your MANAGE implementation against NIST AI 100-1 expectations. The checklist is intentionally short and binary - each item is either done or not done, with the evidence artefact named so that an auditor can find it on first request.
- Ranked risk register per high-impact system with impact-times-likelihood scoring, named owner, response strategy, deadline, and residual risk re-score. Evidence: risk register entries with timestamps.
- Resource allocation plan mapping the annual budget to the prioritised risks, with executive sponsor signature on record. Evidence: signed plan and budget line items.
- Communication plan covering committee, executive, front-line, citizen or customer, and regulator audiences, with named owners and cadences. Evidence: communication plan and audit log of disclosures.
- Incident, near-miss, and feedback log with root cause analysis and upstream artefact update for each material entry. Evidence: incident log entries plus the corresponding policy, impact assessment, or measurement plan version.
- Quarterly continuous improvement review with material findings fed back into GOVERN, MAP, and MEASURE. Evidence: review minutes and the resulting artefact updates.
- Annual board-level programme report covering the maturity of the AI RMF implementation and the changes made in the year. Evidence: board paper and meeting minutes.
What to read next
To close the loop across the AI RMF and operationalise the framework, work through this cluster in order.
- NIST AI RMF GOVERN function deep dive - the cross-cutting foundation that MANAGE depends on. Read this if you have not yet stood up an AI Governance Committee.
- NIST AI RMF MAP function deep dive - the per-system context, risk categorisation, and impact assessment outputs that MANAGE consumes.
- NIST AI RMF compliance hub - the canonical Areebi reference for the full framework and how each function maps to platform controls.
- NIST AI RMF implementation guide - the end-to-end implementation playbook covering all four functions over a 24-week timeline.
- ISO/IEC 42001 certification guide - the management system standard that pairs cleanly with the AI RMF, especially for MANAGE 2 resource allocation evidence and MANAGE 4 continuous improvement evidence.
- AI governance ROI business case - the CFO-facing argument for the resource allocation that MANAGE 2 requires.
Frequently Asked Questions
What is the MANAGE function in NIST AI RMF?
MANAGE is the fourth and final function in the NIST AI Risk Management Framework (AI RMF 1.0, NIST AI 100-1, published January 2023). It turns measured risks into prioritised responses, allocates resources, communicates risk to stakeholders, and closes the learning loop through continuous improvement. MANAGE is where the framework either becomes a self-sustaining operating system or stalls into a one-time compliance exercise.
How many MANAGE subcategories are there?
MANAGE contains four subcategories: MANAGE 1 (AI risks are prioritised, responded to, and managed), MANAGE 2 (strategies to maximise benefits and minimise risks are planned and resourced), MANAGE 3 (AI risks and benefits are communicated to relevant parties), and MANAGE 4 (risk treatments are tracked, communicated, and updated based on incidents and feedback). The subcategory IDs are the canonical reference auditors and regulators use.
What is the difference between MANAGE and MEASURE?
MEASURE characterises risks with quantitative and qualitative evidence (accuracy, fairness, drift, robustness). MANAGE takes those measurements and decides what to do: prioritise, resource, communicate, and improve. MEASURE produces data; MANAGE produces decisions, deadlines, and budget. NIST AI 100-1 expects both, and a programme that does one without the other fails review.
How does MANAGE relate to OMB M-24-10 and EO 14110?
OMB M-24-10 (March 28, 2024) operationalises EO 14110 (October 30, 2023) for US federal agencies and explicitly requires elements that align with MANAGE: prioritised risk response for safety-impacting and rights-impacting AI, named AI officials, communication of AI use to the public, and incident-driven improvement. Non-federal organisations often treat OMB M-24-10 as a useful external benchmark for MANAGE 1 through MANAGE 4 evidence.
What documents prove MANAGE compliance?
Auditors and regulators typically expect: a ranked risk register per high-impact system with named owners and time-bound deadlines (MANAGE 1); a resource allocation plan tied to the prioritised risks with executive sign-off (MANAGE 2); a multi-channel communication plan and audit log of disclosures (MANAGE 3); and an incident, near-miss, and feedback log with documented upstream artefact updates (MANAGE 4). The Areebi platform inventory generates these artefacts as a byproduct of normal operation.
How often should MANAGE artefacts be refreshed?
NIST AI 100-1 expects MANAGE artefacts to be refreshed continuously rather than on a fixed schedule. As a practical baseline, organisations should review the risk register (MANAGE 1) monthly for high-impact systems and quarterly for the rest, refresh the resource allocation (MANAGE 2) annually with the budget cycle, exercise the communication plan (MANAGE 3) on the cadence each channel demands, and review the incident and feedback log (MANAGE 4) quarterly. The Areebi platform binds these review cycles to the system inventory so that no refresh is missed.
Related Resources
- NIST AI RMF Compliance Hub
- Areebi Platform
- Policy Engine
- Audit Log
- Compliance Dashboards
- AI Governance Assessment
- EU AI Act Compliance
- ISO 42001 Compliance
- NIST AI RMF GOVERN Deep Dive
- NIST AI RMF MAP Deep Dive
- NIST AI RMF Implementation Guide
- ISO 42001 Certification Guide
- Build AI Governance Program
- AI Governance ROI Business Case
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and governance best practices.
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and best practices.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.
Ready to govern your AI?
See how Areebi can help your organization adopt AI securely and compliantly.