Description: This course covers the second step of the Risk Management Framework (RMF) process: Selecting Security Controls. Upon completion, students will be able to select and implement an appropriate initial set of security controls based on the security categorization, as covered in the previous step. This course also discusses the process for modifying and supplementing the security control baseline based on risk assessment and local conditions.
Course Resources: Access this course's resources
Learning Objectives: This course is designed to enable students to:
- Define security control policies and guidelines
- Identify security controls and common controls
- Describe and select security controls
- Describe the purpose of security overlays and tailoring
- Explain the importance of continuous monitoring
- Indicate who approves the security plan
- Explain when to update the security plan
Delivery Method: eLearning
Length: 30 minutes
Target Audience: Department of Defense (DOD) information system users and other U.S. Government personnel and contractors within the National Industrial Security Program
- General Requirements: N/A
- Clearance Requirements: N/A
- Attendance Requirements: N/A
- Exam Requirements: N/A
- ACE Credit Recommendation: (What's this?): N/A
- Professional Development Units per SPēD: 1.5
System Requirements: Check if your system is configured appropriately to use STEPP.
CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.