1. The RMF provides a disciplined and structured process that combines information system (IS) security and risk management activities into the system development life cycle and authorizes their use within DoD. The RMF has six steps: categorize system, select security controls, implement security controls, assess security controls, authorize system, and monitor security controls. 2. A structured approach used to oversee and manage risk for an enterprise.