govrn

The standard.

We operationalize the standards the field already trusts. We don’t reinvent them.

01

Built on recognized authority.

AI

NIST AI RMF + GenAI Profile

The US voluntary baseline — Govern, Map, Measure, Manage.

AI

ISO/IEC 42001

The certifiable AI management system — the anchor for AI-governance certification.

AI

OWASP LLM Top 10 · MITRE ATLAS

The technical AI threat surface — prompt injection, agentic risk, adversarial.

AI

EU AI Act

Where there’s an EU nexus — transparency, oversight, GPAI obligations.

SEC

NIST CSF 2.0 · CIS Controls v8.1

The cybersecurity substrate the AI runs on.


02

What the AI lens governs.

The surface a security-only review structurally misses — eleven control domains, each mapped to one of the authorities above:

01

Model inventory · AI-BOM

Every model, dataset, prompt, and fine-tune — owned and accounted for.

02

Bias & fairness

Disparate-impact testing where AI touches consequential decisions.

03

Human oversight

A human gates the answers that matter.

04

Data provenance · drift · agentic · supply chain · transparency · incident response

The rest of the lens — lineage, model drift, autonomy limits, foundation-model risk, disclosure, and AI-specific incident handling.

In check with what’s out there — and kept current as the standards move.