You are implementing an organizational-wide risk management strategy, and you are using the NIST Risk Management Framework (RMF). You have just completed step 1 of the RMF, categorize information systems. Which of the following steps should you complete next in the RMF sequence?
A. Authorize system
B. Assess security controls
C. Continuous monitoring
D. Select security controls