§ AI Governance Operating Stack·free · browser-local · longitudinal

Benchmark your AI governance program, then track it over time.

A free organization-level AI governance maturity self-assessment, scored against the four NIST AI RMF functions — Govern, Map, Measure, Manage — with the finserv expectations that examiners actually ask about woven in: board and committee oversight, SR 11-7 / SR 26-2 model risk, fair lending, third-party AI, and LLM security testing.

Answer sixteen questions, get a maturity score per function and overall, and save the result to your browser so a re-take later shows the delta. The output is a board-ready summary you can export and print.

Your data never leaves your machine. This tool runs entirely in your browser. Your answers and saved history are stored only in this browser's localStorage — there is no account, no upload, and no telemetry on what you enter. You control it with Export and Print.

§ Read this first

This self-assessment is a structured readiness aid grounded in the NIST AI RMF, with finserv expectations mapped in. The maturity levels, scores, and bands are DSE's own practitioner heuristics, not codified regulatory definitions. It is not an audit, a certification, an examination outcome, or legal advice, and does not guarantee passing a supervisory review. DSE prepares programs for audit and works alongside your counsel and risk owners.

Self-assessment

Sixteen questions across four functions.

Rate each statement on a 1–5 capability scale: 1 Initial (ad hoc), 2 Developing, 3 Defined, 4 Managed, 5 Optimizing. Score honestly — the value is the trend line, not a single number.

Want the score turned into a funded roadmap?

If your maturity lands in Initial or Developing, DSE can scope a fixed-fee AI governance readiness engagement: the inventory, tiering, control crosswalk, and evidence pack that move the weakest function up a level.

Scope a call

This maturity self-assessment is a readiness aid and structured heuristic. It is not legal advice, a model validation, a regulatory classification, certification, audit, or guarantee of any examination outcome. The maturity levels and bands are DSE's own practitioner heuristics, not codified NIST AI RMF or supervisory definitions. Review outputs with your counsel and risk owners before adoption.