ARCS/Crosswalks/ARCS / NIST AI RMF Crosswalk
ARCS / NIST AI RMF 1.0
Overview
NIST AI RMF 1.0 is a lifecycle risk-management framework for AI systems organized around four functions: Govern, Map, Measure, and Manage. This crosswalk identifies where ARCS record-governance controls relate to AI RMF functions and selected subcategories.
ARCS scope
ARCS governs the record-lifecycle layer: classification, custody, retention, preservation, deletion, propagation, and verification of interaction artifacts created during AI system use.
Mapping method
Mappings are made where an AI RMF outcome intersects with ARCS's narrower record-governance domain. Alignment labels indicate the strength of that relationship within scope.
Selected mappings
Table A maps AI RMF functions to ARCS control families at the category and theme level. Alignment labels indicate the strength of ARCS relevance within the standard's narrower record-governance scope.
| Function | Category / Theme | ARCS Families | Alignment |
|---|---|---|---|
| Govern | Policy and accountability | Strong | |
| Govern | Internal oversight and documentation | Strong | |
| Govern | Third-party and vendor governance | Strong | |
| Govern | Data and record governance alignment | Strong | |
| Map | System and boundary definition | Strong | |
| Map | Record-surface identification | Strong | |
| Map | Context of use and downstream exposure | Moderate | |
| Map | Human and organizational role boundaries | Moderate | |
| Measure | Evidence and auditability | Strong | |
| Measure | Classification and traceability | Moderate | |
| Measure | Verification of vendor assertions | Strong | |
| Measure | Monitoring of lifecycle behavior | Moderate | |
| Manage | Retention and deletion handling | Strong | |
| Manage | Preservation and escalation | Strong | |
| Manage | Export, sharing, and propagation control | Strong | |
| Manage | Ongoing control verification and remediation | Strong |
Selected subcategory mappings
Selected AI RMF subcategories for which ARCS has a clear and bounded relationship. Subcategories addressing model validity, bias, safety, explainability, and other domains outside ARCS scope are omitted.
Govern
NIST places the Govern function in a cross-cutting role, covering organizational policies, processes, practices, roles, and responsibilities for managing AI risks. This is the strongest point of attachment for ARCS, because ARCS is a governance system for record classes, custody surfaces, lifecycle rules, verification obligations, and boundary definitions. ARCS supports AI RMF Govern outcomes where organizations require documented policies, assigned accountability, class-based treatment rules, and verifiable governance claims for records created during AI system use.
| Subcategory | NIST Outcome | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| GOVERN 1.1 | Legal and regulatory requirements involving AI are understood, managed, and documented. | ARCS-LIF (LIF-01 to LIF-04), ARCS-CUS (CUS-01 to CUS-04), ARCS-PV (PV-01 to PV-07), ARCS-PUB (PUB-01 to PUB-06), ARCS-VER (VER-01 to VER-07) | Strong | ARCS supports this outcome where legal obligations depend on the existence, retention, preservation, disclosure, or verification of AI interaction records. |
| GOVERN 1.4 | Risk management outcomes are established through transparent policies and controls. | ARCS-LIF (LIF-01 to LIF-04), ARCS-CUS (CUS-01 to CUS-04), ARCS-VER (VER-01 to VER-07), ARCS-NCR (NCR-01 to NCR-06) | Strong | ARCS supports this by requiring explicit lifecycle rules, transparent custody assumptions, and documented claims about persistence, deletion, or non-creation posture. |
| GOVERN 2.1 | Roles and responsibilities for AI risk management are documented and clear. | ARCS-OPB (OPB-01, OPB-03), ARCS-DEL (DEL-01 to DEL-04), ARCS-PV (PV-01 to PV-03), ARCS-VER (VER-01, VER-02) | Strong | ARCS is directly relevant where record responsibility changes across operators, vendors, delegates, reviewers, and preservation recipients. |
| GOVERN 3.2 | Policies define roles for human-AI configurations and oversight. | ARCS-OPB (OPB-01, OPB-03), ARCS-AGT (AGT-01 to AGT-05), ARCS-DEL (DEL-01 to DEL-04) | Strong | ARCS supports this where human-AI configurations generate records whose custody and persistence depend on role boundaries and delegated action. |
| GOVERN 1.6 | Mechanisms are in place to inventory AI systems. | ARCS-CUS (CUS-01 to CUS-04), ARCS-TAX (TAX-01 to TAX-03), ARCS-AGT (AGT-01 to AGT-03), ARCS-DEL (DEL-01, DEL-02) | Moderate | ARCS does not inventory AI systems generally, but it supports inventorying record-generating surfaces, artifact classes, memory layers, and delegation chains. |
Map
NIST uses the Map function for context-setting: system purpose, use context, boundaries, stakeholders, and conditions of deployment. ARCS contributes by treating AI systems as record-generating environments and requiring identification of record classes, custody surfaces, publish boundaries, runtime artifacts, and persistence across delegation and memory layers. The strongest relevance is where third-party software, hosted services, memory layers, or delegated actors create uncertainty about what records exist and where those records persist.
| Subcategory | NIST Outcome | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| MAP 1.1 | Context is established and understood. | ARCS-CUS (CUS-01 to CUS-04), ARCS-OPB (OPB-01 to OPB-05), ARCS-TAX (TAX-01 to TAX-03) | Strong | ARCS contributes by establishing the record context of AI use: what artifacts arise, where they arise, and what boundaries define the governed environment. |
| MAP 3.2 | Potential costs from AI errors are examined and documented. | ARCS-LIF (LIF-01 to LIF-04), ARCS-CUS (CUS-01 to CUS-04), ARCS-PV (PV-01 to PV-07), ARCS-PUB (PUB-01 to PUB-06) | Strong | ARCS supports this where downstream costs arise from retention, discovery, preservation, propagation, or disclosure burdens associated with created records. |
| MAP 4.1 | Approaches for mapping legal risks of AI components are documented. | ARCS-CUS (CUS-01 to CUS-12), ARCS-OPB (OPB-01, OPB-03), ARCS-PUB (PUB-01 to PUB-04), ARCS-VER (VER-01 to VER-03) | Strong | ARCS strongly supports this outcome where third-party components externalize or fragment record custody. |
| MAP 4.2 | Internal risk controls for AI components including third-party technologies are documented. | ARCS-CUS (CUS-09 to CUS-12), ARCS-VER (VER-01 to VER-07), ARCS-NCR (NCR-01 to NCR-06) | Strong | ARCS supports this where internal controls concern retention claims, export restrictions, logging boundaries, deletion posture, and verification of vendor assertions. |
| MAP 1.6 | System requirements are elicited and understood by relevant AI actors. | ARCS-TAX (TAX-01 to TAX-03), ARCS-OPB (OPB-01, OPB-03), ARCS-AGT (AGT-01 to AGT-05), ARCS-DEL (DEL-01 to DEL-04) | Moderate | ARCS supports this where requirements must specify record classes, runtime artifacts, persistence behavior, and delegation or memory controls. |
Measure
NIST describes Measure as the function for analysis, assessment, benchmarks, metrics, and evidence needed to understand AI risks. ARCS is narrower here. It is not a model-evaluation or safety-benchmarking framework. Its contribution is narrower: it helps determine whether lifecycle and custody claims are documented, auditable, periodically re-tested, and tied to actual deployment conditions.
| Subcategory | NIST Outcome | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| MEASURE 1.1 | Approaches and metrics for AI risk measurement are selected. | ARCS-VER (VER-01 to VER-03), ARCS-CUS (CUS-01 to CUS-04), ARCS-LIF (LIF-08, LIF-12) | Strong | ARCS supports this where lifecycle and custody claims can be tested, and where unverified assumptions about retention or deletion must be documented. |
| MEASURE 2.8 | Transparency and accountability risks are examined. | ARCS-VER (VER-01 to VER-07), ARCS-PUB (PUB-01 to PUB-06), ARCS-CUS (CUS-01 to CUS-04) | Strong | ARCS directly addresses transparency and accountability questions around record existence, accessibility, and verifiability. |
| MEASURE 3.1 | Approaches are in place to track emergent AI risks. | ARCS-LIF (LIF-08), ARCS-DEL (DEL-01 to DEL-04), ARCS-AGT (AGT-01 to AGT-05), ARCS-PV (PV-01 to PV-03) | Moderate | ARCS supports tracking emergent lifecycle risks where records persist unexpectedly across sessions, memory layers, or delegated workflows. |
| MEASURE 4.1 | Measurement approaches are connected to deployment contexts. | ARCS-VER (VER-01, VER-02), ARCS-OPB (OPB-01, OPB-03), ARCS-CUS (CUS-01 to CUS-04) | Moderate | ARCS contributes by requiring that verification and custody assessments reflect actual deployment context rather than abstract vendor claims. |
| MEASURE 2.13 | Effectiveness of TEVV processes are evaluated. | ARCS-VER (VER-01, VER-02), ARCS-LIF (LIF-08, LIF-12) | Moderate | ARCS contributes where organizations must re-evaluate whether their methods for verifying lifecycle posture and custody assumptions are effective in practice. |
Manage
NIST frames Manage as the function for treating and responding to identified risks over time. This is the other strongest alignment point for ARCS, because many ARCS obligations are operational: retention handling, deletion handling, preservation overrides, export control, delegation control, and remediation where custody assumptions break down.
| Subcategory | NIST Outcome | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| MANAGE 1.2 | Treatment of AI risks is prioritized by impact, likelihood, or resources. | ARCS-LIF (LIF-01 to LIF-04), ARCS-PV (PV-01 to PV-03), ARCS-CUS (CUS-01 to CUS-04) | Strong | ARCS supports prioritization where record persistence, multi-custodian exposure, and preservation burdens materially affect response planning. |
| MANAGE 1.3 | Responses to high-priority AI risks are developed and documented. | ARCS-PV (PV-01 to PV-07), ARCS-LIF (LIF-05 to LIF-07), ARCS-NCR (NCR-01 to NCR-06), ARCS-PUB (PUB-01 to PUB-04), ARCS-VER (VER-01 to VER-03) | Strong | ARCS governs operational responses to retention, deletion, preservation, export, and verification risks. In this setting, ARCS governs three principal record-layer response paths: deletion under LIF controls, non-creation posture under NCR controls, and preservation under PV controls. |
| MANAGE 1.4 | Negative residual risks to downstream acquirers and end users are documented. | ARCS-PUB (PUB-01 to PUB-06), ARCS-CUS (CUS-01 to CUS-04), ARCS-NCR (NCR-01 to NCR-06) | Strong | ARCS supports residual-risk documentation where downstream parties inherit uncertainty about logging, retention, export, or disclosure posture. |
| MANAGE 2.3 | Procedures to respond to and recover from previously unknown risks. | ARCS-PV (PV-01 to PV-07), ARCS-DEL (DEL-01 to DEL-04), ARCS-AGT (AGT-01 to AGT-05), ARCS-VER (VER-01 to VER-07) | Strong | ARCS supports response where unexpected persistence, propagation, delegated copying, or hidden artifact creation is discovered after deployment. |
| MANAGE 2.1 | Resources required to manage AI risks are taken into account. | ARCS-PV (PV-01 to PV-03), ARCS-VER (VER-01 to VER-03), ARCS-LIF (LIF-08) | Moderate | ARCS contributes where managing record burdens requires staffing, tooling, legal review, or alternative process choices. |
Outside scope
ARCS does not cover broader AI RMF domains such as model validity, reliability, safety evaluation, security, explainability, fairness, environmental impact, workforce governance, or performance benchmarking.
The omission is structural. ARCS governs records created during AI system use; AI RMF governs broader questions of system behavior, trustworthiness, testing, and organizational risk management.
ARCS also governs several record-lifecycle domains outside AI RMF coverage:
Record retention and discovery exposure
ARCS-LIF (LIF-01 to LIF-04, LIF-08, LIF-12, LIF-13), ARCS-TAX (TAX-01 to TAX-03)
ARCS governs whether AI interaction records are retained, how they are classified, and whether deletion and lifecycle claims are verifiable. Records that persist may become subject to litigation, regulatory inquiry, or law-enforcement process. ARCS treats retained AI interaction records as potentially discoverable and does not assume any categorical exemption from ordinary legal process. LIF-01 through LIF-04 require explicit retention-tier classification and documented lifecycle states. LIF-12 and LIF-13 address deletion verifiability and architecturally precluded deletion. TAX-01 through TAX-03 require each record class to be formally identified with documented lifecycle rules. The AI RMF does not address retention duration, deletion verification, or the legal consequences of retained interaction records.
Multi-vendor custody chain mapping
ARCS-CUS (CUS-01 to CUS-12), ARCS-VER (VER-01 to VER-03)
When AI systems operate across multiple vendors, record custody fragments across platform, model, infrastructure, and integration surfaces. CUS-01 through CUS-10 require mapping each custodian and documenting possession, control, access, and deletion authority across the chain. CUS-11 addresses authorization-gap custody, where AI actions create records at downstream surfaces without explicit human authorization. CUS-12 requires documented governance declarations from each vendor in the custody chain. VER-01 through VER-03 require that custody claims are testable rather than assumed. The AI RMF does not require mapping where records reside across vendor boundaries or who controls them at each surface.
Non-creation claim verification
ARCS-NCR (NCR-01 to NCR-06), ARCS-VER (VER-01, VER-02)
ARCS-NCR governs cases in which an operator claims that records are neither created nor retained. NCR-01 through NCR-06 require that non-creation claims be architecturally verified rather than asserted by policy. Verification evaluates whether the declared record class enters any persistence surface, including upstream provider logging, error monitoring, telemetry, and observability pipelines. Claims that cannot survive architectural review are prohibited under the standard. The AI RMF does not address non-creation claims or provide a framework for evaluating whether an operator's assertion that no records exist is architecturally accurate.
Preservation and legal hold for AI records
ARCS-PV (PV-01 to PV-07), ARCS-CUS (CUS-01 to CUS-04)
ARCS-PV governs preservation triggers, hold procedures, scope definitions, hold duration, release conditions, and multi-vendor preservation communication. PV-01 through PV-06 require documented preservation procedures that identify which record classes are in scope, how holds are communicated to each custodian, and how hold status is tracked. PV-07 requires documented procedures for communicating preservation obligations to each vendor surface in the custody chain. Preservation obligations override ordinary deletion behavior and must be communicated across each relevant custodian in the record chain. The AI RMF does not address preservation triggers, legal hold procedures, or coordinated hold communication across distributed AI record surfaces.
Agent tool-use and downstream record surfaces
ARCS-AGT (AGT-01 to AGT-13), ARCS-CUS (CUS-11)
ARCS governs the record-lifecycle consequences of agent tool use. When agents call downstream tools, those tools may create records at their own surfaces, including logs, audit trails, database entries, and third-party system artifacts. AGT-01 through AGT-05 require runtime component enumeration so that every tool-call surface is identified and documented. AGT controls also address authorization-gap custody (intersecting with CUS-11), where agent actions create records without explicit human authorization for each individual action. The AI RMF does not separately govern the record-lifecycle consequences of agent tool use or require enumeration of downstream record surfaces created by autonomous agent behavior.
Delegation and memory persistence
ARCS-DEL (DEL-01 to DEL-12), ARCS-LIF (LIF-01 to LIF-04)
ARCS-DEL governs delegation patterns and cross-session memory persistence. DEL-01 through DEL-04 require that delegation chains are documented and that each delegate's record-creation behavior is known. When memory persists across sessions, the resulting artifact becomes a governed record class subject to lifecycle, custody, and preservation rules under LIF-01 through LIF-04. Delegation also creates propagation paths: a record carried forward through memory into subsequent sessions may exist at multiple surfaces with different custodians. The AI RMF does not separately govern cross-session memory persistence, delegation-chain record creation, or the custody consequences of persistent memory in AI systems.