Risk Management Framework (RMF) Authorize Step CS106.16

Description: This course covers the roles and responsibilities of key stakeholders as they relate to completing, submitting, and approving system authorization packages. This course explores the authorization process from the perspectives of both the system owner and the Authorizing Official, including development of a Plan of Actions and Milestones (POA&M) and the cognizant acceptance of risk. Authorize Step is part of the RMF course curriculum, which provides training to DOD personnel with assessment and authorization responsibilities to help them prepare the organization to manage its security and privacy risks using the Risk Management Framework.

Course Resources: Access this course's resources

Learning Objectives: 

  • Describe the purpose of the Authorize Step 
  • Identify policies and guidelines for the Authorize Step in the RMF
  • Identify tasks, inputs, and outputs, roles and responsibilities within the Authorize Step
  • ​Describe the five tasks and associated inputs, outputs, roles, and responsibilities in the Authorize Step

Delivery Method: eLearning

Length: 30 minutes

Target Audience: Department of Defense (DOD) information system users and other U.S. government personnel involved with assessment and authorization using the Risk Management Framework.


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: Students must earn a 75 percent grade average on course exams and performance exercises.

Prerequisites: N/A

Credits Recommended/Earned:

  • ACE Credit Recommendation: (What's this?): N/A
  • Professional Development Units per SPēD: PDUs are determined by length of course and IAW with current Certification Maintenance Guidelines

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.