3.4 IMPLEMENT
Purpose
The purpose of the Implement step is to implement the controls in the security and privacy plans for the system and for the organization and to document in a baseline configuration, the specific details of the control implementation.
IMPLEMENT TASKS
Table 5 provides a summary of tasks and expected outcomes for the RMF Implement step. Applicable Cybersecurity Framework constructs are also provided.
TABLE 5: IMPLEMENT TASKS AND OUTCOMES
| Tasks | Outcomes | |||
| TASK I-1 CONTROL IMPLEMENTATION | • Controls specified in the security and privacy plans are implemented. [Cybersecurity Framework: PR.IP-1] • Systems security and privacy engineering methodologies are used to implement the controls in the system security and privacy plans. [Cybersecurity Framework: PR.IP-2] | |||
| TASK I-2 UPDATE CONTROL IMPLEMENTATION INFORMATION | • Changes to the planned implementation of controls are documented. [Cybersecurity Framework: PR.IP-1] • The security and privacy plans are updated based on information obtained during the implementation of the controls. [Cybersecurity Framework: Profile] | |||
Quick link to summary table for RMF tasks, responsibilities, and supporting roles.