Description: This course covers the second step of the Risk Management Framework (RMF) process: Selecting Security Controls. Upon completion, students will be able to select and implement an appropriate initial set of security controls based on the security categorization, as covered in the previous step. This course also discusses the process for modifying and supplementing the security control baseline based on risk assessment and local conditions.

Course Resources: N/A

Learning Objectives: This course is designed to enable students to:

  • Define security control policies and guidelines
  • Identify security controls and common controls
  • Describe and select security controls
  • Describe the purpose of security overlays and tailoring
  • Explain the importance of continuous monitoring
  • Indicate who approves the security plan
  • Explain when to update the security plan

Delivery Method: eLearning

Length: 30 minutes

Target Audience: Department of Defense (DoD) information system users and other U.S. Government personnel and contractors within the National Industrial Security Program

Requirements:

  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: N/A

Prerequisites: N/A

Credits Recommended/Earned:

  • ACE Credit Recommendation: (What's this?) N/A
  • Professional Development Units per SPēD: 1.5

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.