RMF step 3 - Implement controls

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • After you have selected controls for implementation and performed any of the possible actions on them, you can implement the controls.

    Before you begin

    Role required: sn_irm_cont_auth.information_type, sn_irm_cont_auth.information_owner, or sn_irm_cont_auth.admin

    About this task

    When approval was received on the Authorization Package form, a Percentage of controls implemented field and a Controls related list appeared on the form.

    The Controls related list contains all of the controls created from the control objectives within the selected authorization boundary.

    Procedure

    1. From the list of controls, select the control number (with a CTRL prefix) to open the control.
      Control
    2. The implementation process performed by your system owner and other technical or security personnel employs the control management workflow inherent in the base GRC system.

      For details, see the following:

    3. The Percentage of controls implemented field keeps track of your progress while you implement the controls.
    4. After you have completed the implementation process for all controls, select Assess to transition the package to the Assess state.

      To send the package back to the Select state, select Back to previous step. All active controls will be retired and the package must get approval to advance again to the Implement state.