Introduction to the NISP RMF A&A Process CS150.16

This course does not contain the final exam. Students must register for the exam separately in STEPP and will receive credit for the course upon receiving a passing score.

Description: This course introduces the National Industrial Security Program (NISP) Risk Management Framework (RMF) Assessment and Authorization (A&A) Process.  The course provides training on the policies and standards used to protect information within computer systems in support of the Defense Counterintelligence and Security Agency’s (DCSA) mission.  In addition, the course identifies and defines the Government and contractor roles and responsibilities.  It also includes the Seven-Step RMF as it relates to the A&A process.

Course Resources: Access this course's resources

Learning Objectives: This course is designed to enable students to:

  • Identify and define the components of the risk management process
  • Identify key sources of risk
  • Identify and define security objectives and the characteristics of security controls
  • Explain how impact levels are assigned to confidentiality, integrity, and availability
  • Define the RMF A&A process and identify its purpose and timeline
  • Identify the legal, regulatory, and contractual requirements that govern the RMF A&A process
  • Identify and define DCSA and contractor roles and responsibilities related to the RMF A&A process

Delivery Method: eLearning

Length: 90 minutes

Target Audience: Department of Defense (DOD) information system users and other U.S. Government personnel and contractors within the NISP who are responsible for assessing information systems and certifying to the Government that information systems meet security requirements.


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: Students must earn at least a 75 percent grade average on the CS150.06 course exam.

Prerequisites: N/A

Credits Recommended/Earned:

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.