Risk Management Framework (RMF) Implement Step CS104.16

Description: This course builds on the security controls selected in the previous step of the Risk Management Framework (RMF) process and discusses the implementation of the approved security plan. Upon completion, students will have an understanding of the documentation requirements for security controls, the development of required artifacts, and the process for applying industry best practices to reduce the overall level of risk. Implement Step is part of the RMF course curriculum, which provides training to DOD personnel with assessment and authorization responsibilities to help them prepare the organization to manage its security and privacy risks using the Risk Management Framework.

Course Resources: Access this course's resources

Learning Objectives: 

  • Describe the purpose of the Implement Step
  • Identify policies and guidelines for the Implement Step in the RMF
  • Identify the two tasks and associated inputs, outputs, roles, and responsibilities in the Implement Step 
  • List the three tasks and associated inputs, outputs, roles, and responsibilities in the Implement Step

Delivery Method: eLearning

Length: 30 minutes

Target Audience: Department of Defense (DOD) information system users and other U.S. government personnel involved with assessment and authorization using the Risk Management Framework.


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: Students must earn a 75 percent grade average on course exams and performance exercises.

Prerequisites: N/A

Credits Recommended/Earned:

  • ACE Credit Recommendation: (What's this?): N/A
  • Professional Development Units per SPēD: PDUs are determined by length of course and IAW with current Certification Maintenance Guidelines

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.