Description: This course provides students with in-depth knowledge and understanding of the Risk Management Framework (RMF) Step 6. It also defines the role it plays in information system security and the overall risk management of an organization. It explores continuous monitoring processes and tasks required, and address the roles and responsibilities for implementing continuous monitoring of information systems. This ongoing evaluation of the effectiveness of applied security controls will position organizations to better identify and mitigate vulnerabilities and threats to their information systems and information technology infrastructure.

Course Resources: Access this course's resources

Learning Objectives: This course is designed to enable students to:

  • Identify how risk management helps protect government assets
  • Examine Information Security Continuous Monitoring (ISCM) support of the three-tiered approach to risk management
  • Describe how configuration management controls enable continuous monitoring
  • Examine audit log support to continuous monitoring
  • Understand counterintelligence and cybersecurity personnel support to continuous monitoring

Delivery Method: eLearning

Length: 1.5 hours

Target Audience: Department of Defense (DoD) information system users and other U.S. Government personnel and contractors within the National Industrial Security Program


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: N/A

Prerequisites: N/A

Credits Recommended/Earned:

  • ACE Credit Recommendation: (What's this?) N/A
  • Professional Development Units per SPēD: 4.5

System Requirements: N/A

Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.