1 1 00:00:00,270 --> 00:00:01,680 In step four, 2 2 00:00:01,680 --> 00:00:03,090 you'll implement the controls 3 3 00:00:03,090 --> 00:00:07,320 that you selected in RMF step three. 4 4 00:00:07,320 --> 00:00:11,550 Now, there are only two tasks in step number four. 5 5 00:00:11,550 --> 00:00:16,140 Task I-1 will end with all your controls implemented 6 6 00:00:16,140 --> 00:00:17,700 in your system. 7 7 00:00:17,700 --> 00:00:19,470 While you implement your controls, 8 8 00:00:19,470 --> 00:00:21,120 make sure that they're consistent 9 9 00:00:21,120 --> 00:00:24,780 with the intent of your organization's policies. 10 10 00:00:24,780 --> 00:00:26,700 And if you're implementing a control 11 11 00:00:26,700 --> 00:00:29,130 that is an off-the-shelf product, 12 12 00:00:29,130 --> 00:00:30,270 I want you to favor those 13 13 00:00:30,270 --> 00:00:32,460 that have been evaluated as safe 14 14 00:00:32,460 --> 00:00:36,750 by a trustworthy, independent, third party organization. 15 15 00:00:36,750 --> 00:00:40,680 Finally, take a look at your assurance requirements 16 16 00:00:40,680 --> 00:00:42,450 and make sure that the people developing 17 17 00:00:42,450 --> 00:00:46,080 and implementing the controls are doing so correctly 18 18 00:00:46,080 --> 00:00:50,010 and in compliance with your security requirements. 19 19 00:00:50,010 --> 00:00:55,010 The second and last task in step four is I-2. 20 20 00:00:55,380 --> 00:00:57,960 And during this task, you'll update your security 21 21 00:00:57,960 --> 00:01:01,050 and privacy plans with all the details 22 22 00:01:01,050 --> 00:01:03,240 of your implementation activities. 23 23 00:01:03,240 --> 00:01:06,630 After all, not everything you plan will be possible 24 24 00:01:06,630 --> 00:01:09,180 to complete as you intend it. 25 25 00:01:09,180 --> 00:01:11,790 So update your security and privacy plans 26 26 00:01:11,790 --> 00:01:15,240 with details describing how you actually implemented 27 27 00:01:15,240 --> 00:01:18,900 the controls that you selected in step three. 28 28 00:01:18,900 --> 00:01:21,750 I want you to include details about changes 29 29 00:01:21,750 --> 00:01:25,110 to planned inputs, the expected behavior, 30 30 00:01:25,110 --> 00:01:27,330 and the expected outputs. 31 31 00:01:27,330 --> 00:01:32,330 All right, that brings us to the end of step four of RMF, 32 32 00:01:32,850 --> 00:01:35,767 which is called implement controls.