You are required to register for the Risk Management Framework (RMF) Curriculum Navigation (CS100.NAV) document which will enroll you in the curriculum and assign the appropriate courses/exams.

Description: This curriculum introduces the Risk Management Framework (RMF) and explores how it is used to manage the overall risk to an organization from different sources. Students will fully examine the six framework components individually, enabling them to understand the entire process as it relates to their information system's entire lifecycle. This curriculum focuses on providing practical guidance on completing and maintaining the certification and accreditation process and on obtaining formal authority to operate.

Learning Outcomes: See individual courses for learning outcomes.

Delivery Method: eLearning

Length: 4.5 hours

Target Audience: Military, civilian, and contractor professionals responsible for evaluating information systems and certifying to the Government that information systems meet security requirements

Number of Students Per Course: N/A


  • Clearance Requirement: None
  • Attendance Requirement: N/A
  • Exam Requirements: Students must earn a 75 percent grade average on course exams and performance exercises.

Prerequisites: None

List of Courses and Exams:

  • Risk Management Framework (RMF) Step 1: Categorization of the System CS102.16
  • Risk Management Framework (RMF) Step 2: Selecting Security Controls CS103.16
  • Risk Management Framework (RMF) Step 3: Implementing Security Controls CS104.16
  • Risk Management Framework (RMF) Step 4: Assessing Security Controls CS105.16
  • Risk Management Framework (RMF) Step 5: Authorizing Systems CS106.16
  • Risk Management Framework (RMF) Step 6: Monitor Security Controls CS107.16
  • Risk Management Framework (RMF) Curriculum Final Exam CS100.06

Additional System Requirements: N/A

Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.