When the NIST AI Risk Management Framework 1.0 landed in January 2023, most enterprise security and compliance teams filed it under "important but not urgent." It was voluntary. It was abstract. It was guidance for AI developers, not for companies whose employees were just starting to paste meeting notes into ChatGPT.
That was then. NIST AI 600-1 — the Generative AI Profile published in July 2024 — extended the framework to cover exactly those everyday use cases, developed with a public working group of 2,500 participants and centering on 13 specific risks and more than 400 actions organizations can take to manage them. And now, as the NIST AI Resource Center confirms, AI RMF 1.0 itself is being revised — with a new AI RMF 1.1 on the way, and an updated Playbook to follow.
The revision creates a problem most enterprises haven't yet named: they're already behind on the framework that's being replaced.
The Framework Enterprises Think They Understand
The NIST AI RMF organizes AI risk management into four core functions: Govern, Map, Measure, and Manage. Most enterprise teams have a reasonable handle on Map (cataloging AI systems), Measure (risk-scoring models in development), and Manage (responding to identified risks). These functions map naturally onto existing IT governance workflows — asset inventories, vulnerability management, incident response.
Govern is the one they're failing.
GOVERN is where the framework asks organizations to establish the policies, processes, accountability structures, and workforce practices that make AI risk management real rather than theoretical. It's the function that connects every other function to actual people doing actual things with actual AI tools — every day, at scale, without a security engineer in the loop.
In 2023, when the RMF 1.0 came out, a "generative AI governance program" meant policies on paper and maybe a training module. In 2024, when NIST AI 600-1 landed with its 13 generative AI risk categories — covering data privacy, intellectual property, misinformation, security vulnerabilities, and more — the expected GOVERN maturity bar rose significantly. The revision to AI RMF 1.1 will almost certainly raise it further.
What Most Enterprise "AI Governance" Programs Actually Are
Here's what a typical Fortune 500 enterprise AI governance program looks like in 2026:
- An Acceptable Use Policy for AI tools, distributed via email or the company intranet
- A vendor approval list for sanctioned AI platforms (ChatGPT Enterprise, Copilot M365, etc.)
- Some version of security training that covers "don't share customer data with AI tools"
- A shadow AI discovery program that finds unsanctioned tool usage after the fact
None of this is the GOVERN function. None of this is real-time. None of this tells you, in the moment an employee submits a query, whether that query violated your policy — and none of it creates the auditable record the GOVERN function requires.
What NIST actually means by GOVERN is continuous: policies operationalized in the tools themselves, accountability traceable to specific decisions and actions, workforce practices that work whether an employee remembers their training or not.
The Generative AI Profile Made the Gap Visible
NIST AI 600-1, released in July 2024, is the clearest signal yet of where the bar is headed. The profile maps directly to the AI RMF's core functions and provides specific guidance for the risks that generative AI introduces: data privacy in training and inference, confidentiality of enterprise context provided in prompts, security vulnerabilities exposed through model manipulation, and the intellectual property complications of outputs built on training data.
For enterprises, the most operationally significant part of AI 600-1 isn't the risk taxonomy. It's the implicit enforcement requirement. Managing these 13 risks at scale — across a workforce where employees interact with AI tools dozens of times per day across ChatGPT, Claude, Gemini, Copilot, Perplexity, and whatever new tool launched last week — requires something more than policy documents and periodic audits.
It requires interception.
Why "Point-in-Time" Governance Doesn't Satisfy GOVERN
The GOVERN function isn't about having a policy. It's about demonstrating that the policy is actually operating. That distinction matters enormously for audit purposes — and it matters even more when the revised AI RMF 1.1 raises the expected evidence standard.
Consider what a real GOVERN audit trail looks like under the framework's requirements:
- Which employees are using which AI tools?
- What types of content are being submitted to external AI systems?
- Are policy violations being detected at the point of submission, or discovered weeks later in a log review?
- When a violation is detected, what happened next — was the submission blocked, flagged for review, or simply logged?
- How does the organization demonstrate that its policies are operationally effective, not just theoretically sound?
Annual access reviews and quarterly training completions can't answer these questions. They tell you who has access to sanctioned tools; they don't tell you what those employees are actually submitting to AI systems, or whether any of it violated your data classification, confidentiality, or IP policies.
The RMF 1.1 Revision Is a Forcing Function
NIST's upcoming revision to AI RMF 1.1 — with a corresponding Playbook revision to follow — represents a maturity step for enterprise AI governance. The original framework was written when most enterprises were trying to figure out whether to allow AI tools at all. The revised framework will be written for enterprises that have been running AI tools for years and need to demonstrate that they're actually governing them.
This is the moment to get ahead of it. Organizations that have built real-time enforcement infrastructure — at the proxy layer, in the browser, at the point of submission — will have audit evidence that satisfies the GOVERN function's intent. Organizations running on acceptable-use policies and discovery tooling will have a gap they'll need to explain to examiners, auditors, and their own boards.
The enforcement infrastructure the RMF 1.1 will implicitly require isn't complicated to describe:
- Real-time policy evaluation — every AI submission checked against organizational policy before it reaches the model
- Audit-ready logging — a tamper-evident record of what was submitted, what policy said, and what happened
- Scope coverage — enforcement across all AI surfaces employees actually use, not just the ones IT approved
- Governance dashboard — visibility into AI usage patterns, policy violation trends, and per-user activity
This is what GOVERN looks like in practice. Not a policy PDF. Not a training video. Infrastructure.
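As an added example (not the original post's or Containment.AI's code), here is a minimal version of the first two items above in Python: a policy check that runs before a prompt reaches a model and returns the block/flag/allow decision the audit trail must record, plus a hash-chained log whose verify() fails if any entry is edited. The tool names, rules and sample prompts are constructed assumptions, not anything from the post.

```python
import hashlib, json, re
# Constructed policy for illustration (not any product's real rule set): a sanctioned-tool
# list and two content rules, each carrying the action the audit record must capture.
SANCTIONED_TOOLS = {"chatgpt-enterprise", "copilot-m365"}
RULES = [  # (rule name, pattern, action)
    ("customer-pan", re.compile(r"\b(?:\d[ -]?){13,16}\b"), "block"),
    ("classification-marker", re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.I), "flag"),
]

def luhn_ok(candidate: str) -> bool:
    # Luhn check keeps long digit runs such as order ids from being treated as card numbers.
    total = 0
    for i, d in enumerate(reversed([int(c) for c in candidate if c.isdigit()])):
        total += (d * 2 - 9 if d * 2 > 9 else d * 2) if i % 2 else d
    return total % 10 == 0

def evaluate(tool: str, prompt: str):
    """Policy decision taken before the prompt reaches the model: allow, flag or block."""
    if tool not in SANCTIONED_TOOLS:
        return "block", ["unsanctioned-tool"]
    decision, hits = "allow", []
    for name, pattern, action in RULES:
        for match in pattern.finditer(prompt):
            if name == "customer-pan" and not luhn_ok(match.group()):
                continue  # digit run that is not a valid PAN
            hits.append(name)
            decision = "block" if "block" in (action, decision) else "flag"
    return decision, hits

class AuditLog:
    """Hash-chained record: each entry commits to the previous hash (tamper-evident, not tamper-proof)."""
    def __init__(self):
        self.entries, self.prev = [], "0" * 64

    def record(self, user: str, tool: str, prompt: str, decision: str, hits: list) -> dict:
        entry = {"user": user, "tool": tool, "decision": decision, "hits": hits, "prev": self.prev,
                 # only a digest of the prompt: the log must not become a second copy of the data
                 "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest()}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.prev = entry["hash"]
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or e["hash"] != hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True
```

In a real deployment the chain head would be anchored somewhere outside the log store (a signed checkpoint or append-only service), since an attacker who can rewrite the whole file can recompute every hash.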
What to Do Before 1.1 Lands
The revision timeline isn't published, but the direction is clear. Here's how to use the current moment:
Audit your GOVERN coverage gap. Map your existing AI governance controls against the GOVERN function outcomes in AI RMF 1.0 and AI 600-1. Specifically: can you produce a real-time, auditable record of AI policy enforcement? If the answer is "not really," that's your gap.
Don't wait for 1.1 to define the bar. The current frameworks — AI RMF 1.0 plus AI 600-1 — are already more than most enterprises have operationalized. Close the gap to those standards first. The 1.1 revision will likely confirm and extend what 600-1 already established.
Treat GOVERN as an infrastructure problem, not a training problem. Employees who forget their acceptable-use policy training aren't a compliance failure — they're a design failure. The governance infrastructure should enforce the policy whether or not the employee remembers it.
Build toward a defensible audit trail. Regulators, insurers, and enterprise customers are beginning to ask for evidence of AI governance programs, not just policies. The GOVERN function audit trail — who, what, when, what happened — is the artifact that satisfies that ask.
NIST is revising its AI Risk Management Framework because the governance problem has changed. Three years ago, the question was whether to allow AI tools. Today it's how to demonstrate that the tools you're already running are governed well enough to survive an audit, a breach, or a board-level inquiry.
The enterprises that will fare best in the AI RMF 1.1 era aren't the ones with the most sophisticated AI policies. They're the ones that turned those policies into running infrastructure — so that "we govern our AI tools" means something more than a document on the intranet.
Containment.AI provides real-time AI policy enforcement at the browser and proxy layer — the infrastructure that makes the NIST AI RMF GOVERN function operational rather than aspirational.