• Classroom
  • Online, Instructor-Led
Course Description

Risk Management Framework (RMF) is the unified information security framework for the entire federal government. It is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC).

RMF is an integral part of the implementation of FISMA, the Federal Information Security Management Act, and is based on publications of the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS).

The RMF for Federal Agencies training program is suitable for federal employees and contractors in non-DoD "civil" agencies and the intelligence community. The fall program consists of a one-day RMF for Federal Agencies - Fundamentals class, followed by a three-day RMF for Federal Agencies - In Depth class.

Learning Objectives

  • The Foundation Of Information Security and Risk Management
  • Understanding FISMA
  • FIPS and NIST SP
  • Security Compliance
  • Introduction to the Risk Management Framework (RMF)
  • Introduction to Security Controls
  • Key Roles in RMF
  • RMF Documentation
  • Resources
  • RMF Roles and Responsibilities in detail
  • Risk Management Overview
  • RMF Implementation - NIST SP 800-37
  • Step 1 - Categorize (FIPS 199 & NIST SP 800-60)
  • Step 2 - Select (NIST SP 800-53 Rev 4)
  • Step 3 - Implement
  • Step 4 - Assess (NIST SP 800-53A)
  • Step 5 - Authorize
  • Step 6 - Monitor (NIST SP 800-137)
  • RMF documentation
  • System Security Plan (SSP) - NIST SP 800-18
  • Security Assessment Report
  • Risk Assessment - NIST SP 800-30
  • Plan of Action and Milestones
  • Transmittal and Decision Letters
  • Supporting Documentation
  • NIST SP 800-53 Security Controls
  • Management Controls
  • Operational Controls
  • Technical Controls
  • Assessment Procedures
  • Resources
  • Security Tools
  • Practical Guidance
  • Case Study

Framework Connections