RMF Step 3

13 community-sourced questions and answers. Free — no login.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.

QUESTION 1

Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy DIACAP (DoD Information Assurance Certification and Accreditation Process) processes within federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC).

ANSWER

What is RMF?

QUESTION 2

DIACAP is the certification and accreditation (C&A) process that was implemented in 2006, replacing DITSCAP. DIACAP has now been replaced by the RMF process.

ANSWER

What is DIACAP?

QUESTION 3

Step 1 - CATEGORIZE System
Step 2 - SELECT Security Controls
Step 3 - IMPLEMENT Security Controls
Step 4 - ASSESS Security Controls
Step 5 - AUTHORIZE Systems
Step 6 - MONITOR Security Controls

ANSWER

What are the steps in the RMF process?

QUESTION 4

DoDI 8510.01

ANSWER

_________________ is the high-level document dated March 2014 that sets forth policy stating that RMF is to be used by DoD.

QUESTION 5

NIST SP 800-37

ANSWER

_________________ is the guide for applying RMF to Federal Information Systems.

QUESTION 6

Security Controls Explorer

ANSWER

Implementation of security controls specified in the security plan will be in accordance with DoD implementation guidance for each security control found on the _____________ _____________ _____________ page of the RMF Knowledge Service site.

QUESTION 7

- high level document that sets forth the policy
- go-to source when working with RMF
- None of the above

ANSWER

NIST Special Publication 800-37 is the:
- high level document that sets forth the policy
- guide for applying RMF to federal information systems
- go-to source when working with RMF
- None of the above

QUESTION 8

TRUE

ANSWER

Program Managers for programs acquiring information or platform IT systems in accordance with DoD Instruction 5000.02 must integrate the security engineering of cybersecurity requirements and cybersecurity testing considerations into the program's overall systems engineering process. (True or False)

QUESTION 9

All of the above

ANSWER

To increase overall efficiency and cost effectiveness of security control implementation:
- use automated support tools
- maximize communications
- reference existing documentation
- All of the above

QUESTION 10

implement security controls

ANSWER

The THIRD step in the RMF process is to:
- Categorize the system
- approve security plan
- Monitor security control
- implement security controls

QUESTION 11

Mission Owner

ANSWER

Who must translate security controls into system specifications and ensure their successful integration into the system design?
- Program Manager
- Mission Owner
- Information Owner
- Information System Owner

QUESTION 12

FALSE

ANSWER

It isn't important to address the proposed system security design in preliminary and critical design reviews. (True or False)

QUESTION 13

Information System Owner

ANSWER

Who has primary responsibility for the two tasks that comprise step 3 of the RMF?
- Information System Owner
- Information Owner
- Mission Owner
- Program Manager