The Risk Management Framework (RMF) is the unified information security framework for the entire federal government. It is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC).
RMF is an integral part of the implementation of FISMA, the Federal Information Security Management Act, and is based on publications of the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS).
The RMF for Federal Agencies training program is suitable for federal employees and contractors in non-DoD “civil” agencies and the intelligence community. The full program consists of a one-day RMF for Federal Agencies – Fundamentals class, followed by a three-day RMF for Federal Agencies – In Depth class.
The Foundation of Information Security and Risk Management
FIPS and NIST SP
Introduction to the Risk Management Framework (RMF)
Introduction to Security Controls
Key Roles in RMF
RMF Roles and Responsibilities in detail
Risk Management Overview
RMF Implementation – NIST SP 800-37
Step 1 – Categorize (FIPS 199 & NIST SP 800-60)
Step 2 – Select (NIST SP 800-53 Rev 4)
Step 3 – Implement
Step 4 – Assess (NIST SP 800-53A)
Step 5 – Authorize
Step 6 – Monitor (NIST SP 800-137)
System Security Plan (SSP) – NIST SP 800-18
Security Assessment Report
Risk Assessment – NIST SP 800-30
Plan of Action and Milestones
Transmittal and Decision Letters
NIST SP 800-53 Security Controls
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas listed below.