This course does not have a final exam.
Description: This course covers the second step of the Risk Management Framework (RMF) process: Selecting Security Controls. Upon completion, students will be able to select and implement an appropriate initial set of security controls based on the security categorization, as covered in the previous step. This course also discusses the process for modifying and supplementing the security control baseline based on risk assessment and local conditions.
Course Resources: N/A
This course is designed to enable students to:
- Define security control policies and guidelines
- Identify security controls and common controls
- Describe and select security controls
- Describe the purpose of security overlays and tailoring
- Explain the importance of continuous monitoring
- Indicate who approves the security plan
- Explain when to update the security plan
Length: 30 minutes
Target Audience: Department of Defense (DoD) information system users and other U.S. Government personnel and contractors within the National Industrial Security Program
Number of Student per Course: N/A
- Clearance Requirement: N/A
- Attendance Requirement: N/A
- Exam Requirements: N/A
- ACE Credit Recommendation: (What's this?) N/A
- Continuing Education Units per IACET: N/A
- Professional Development Units per SPeD: 1.5
Additional System Requirements: Check if your system is configured appropriately to use STEPP.
CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.