Goal
Pick one of the NIST AI RMF functions in docs/coverage/nist-ai-rmf.md marked ⚠️ Scaffold — `map`, `measure`, or `manage` — and replace its placeholder field names with concrete checks tied to the NIST AI RMF category descriptions.
Why this matters
GOPAL already implements the `govern` function (governance.rego). The other three functions have package structure but placeholder logic. Filling them out completes the AI RMF surface and unblocks the 600-1 generative-AI risk rules that compose on top.
Suggested target — MAP
The Map function is the most concrete because its categories describe context establishment that maps cleanly to input fields:
| Category |
Input fields |
| MAP 1 — Context |
`input.context.use_case`, `input.context.deployment_environment`, `input.context.affected_populations` |
| MAP 2 — Categorization |
`input.system.modality`, `input.system.autonomy_level` |
| MAP 3 — Capabilities/limitations |
`input.evaluation.benchmark_results`, `input.evaluation.known_failure_modes` |
| MAP 4 — Risks/benefits |
`input.risk_register` |
| MAP 5 — Impacts |
`input.stakeholder_impact_analysis` |
Acceptance criteria
Get help
See docs/tutorials/add-your-first-policy.md. Comment here for guidance.
Goal
Pick one of the NIST AI RMF functions in docs/coverage/nist-ai-rmf.md marked⚠️ Scaffold — `map`, `measure`, or `manage` — and replace its placeholder field names with concrete checks tied to the NIST AI RMF category descriptions.
Why this matters
GOPAL already implements the `govern` function (governance.rego). The other three functions have package structure but placeholder logic. Filling them out completes the AI RMF surface and unblocks the 600-1 generative-AI risk rules that compose on top.
Suggested target — MAP
The Map function is the most concrete because its categories describe context establishment that maps cleanly to input fields:
Acceptance criteria
Get help
See docs/tutorials/add-your-first-policy.md. Comment here for guidance.