Benchmark your AI governance program, then track it over time.
A free organization-level AI governance maturity self-assessment, scored against the four NIST AI RMF functions — Govern, Map, Measure, Manage — with the finserv expectations that examiners actually ask about woven in: board and committee oversight, SR 11-7 / SR 26-2 model risk, fair lending, third-party AI, and LLM security testing.
Answer sixteen questions, get a maturity score per function and overall, and save the result to your browser so a re-take later shows the delta. The output is a board-ready summary you can export and print.
Your data never leaves your machine. This tool runs entirely in your browser. Your answers and saved history are stored only in this browser's localStorage — there is no account, no upload, and no telemetry on what you enter. You control it with Export and Print.
This self-assessment is a structured readiness aid grounded in the NIST AI RMF, with finserv expectations mapped in. The maturity levels, scores, and bands are DSE's own practitioner heuristics, not codified regulatory definitions. It is not an audit, a certification, an examination outcome, or legal advice, and does not guarantee passing a supervisory review. DSE prepares programs for audit and works alongside your counsel and risk owners.
Sixteen questions across four functions.
Rate each statement on a 1–5 capability scale: 1 Initial (ad hoc), 2 Developing, 3 Defined, 4 Managed, 5 Optimizing. Score honestly — the value is the trend line, not a single number.
Maturity by NIST AI RMF function
Priority gaps to close
Longitudinal trend (saved attempts)
Frameworks mapped
- NIST AI RMF 1.0 functions: Govern, Map, Measure, Manage.
- SR 11-7 / SR 26-2 model risk governance, independent validation, and effective challenge.
- Fair lending (ECOA / Regulation B), UDAP / UDAAP, and consumer-impact review.
- Interagency third-party / vendor AI risk; OWASP LLM Top 10 security testing.
Want the score turned into a funded roadmap?
If your maturity lands in Initial or Developing, DSE can scope a fixed-fee AI governance readiness engagement: the inventory, tiering, control crosswalk, and evidence pack that move the weakest function up a level.
Scope a call →This maturity self-assessment is a readiness aid and structured heuristic. It is not legal advice, a model validation, a regulatory classification, certification, audit, or guarantee of any examination outcome. The maturity levels and bands are DSE's own practitioner heuristics, not codified NIST AI RMF or supervisory definitions. Review outputs with your counsel and risk owners before adoption.