7. Authorize
8. Supplement
9. Monitor
10. Categorize
11. Document
12. Select
13. Assess
14. Implement

A. Information systems and internal information are grouped based on impact.
B. The step where an initial set of security controls for the information system is chosen and tailored to obtain a starting point for required controls.
C. Assess the risk and local conditions, including the security requirements, specific threat information, and cost-benefit analysis, to increase or decrease security controls.
D. Step where the original and supplement controls are put in writing.
E. Original and supplement controls are applied to the system.
F. Security controls are evaluated to see if they are implemented correctly and are operating as intended.
G. Evaluation of risk to organizational operations, organizational assets, or individuals that leads to this action.
H. Requires checking and assessing the selected security controls in the information system on a continuous basis.