Overview of RMF, as defined by NIST 800-37r2. Each step in the process is discussed at a high level: 1. Categorize 2. Select 3. Implement 4. Assess 5. Authorize 6. Monitor An example of the Security Categorization for an Information Type of PHI is provided: Security Categorization (PHI) = (confidentiality, High), (integrity, High), (availability, Low) NIST 800-37r2: Alpine Security Certified Authorization Professional (CAP) course: The CAP course fulfills DoD 8570 IAM Level 1 and 2 requirements: Alpine Security is now a wholly owned member of the CISO Global family of companies.