The Risk Management Framework (RMF) provides a disciplined, structured and flexible process for managing security and privacy risk. It includes information security categorization; control selection, implementation and assessment; system and common control authorizations; and continuous monitoring. It includes activities to prepare organizations to execute the framework at appropriate risk management levels. This learning path explains the RMF steps and its processes (aka tasks) which link essential risk management processes at the system level to risk management processes at the organization level. This learning path explains the Risk Management Framework (RMF) and its processes and provides guidance for applying the RMF to information systems and organizations.