The six steps that comprise the RMF include:

1. System Categorization;
2. Security Control Selection;
3. Security Control Implementation;
4. Security Control Assessment;
5. System Authorization; and
6. Security Control Monitoring