RMF for DoD IT
Kratos SecureInfo offers a revised Risk Management Framework for DoD Information Technology (RMF for DoD IT) Workshop. This intense Cybersecurity-based workshop blends lecture, discussion, and hands-on exercises to educate students on the new methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications.
The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP), to the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program.
This workshop breaks down the methodology (into steps, tasks, outputs, and responsible entities) and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the RMF Knowledge Service and complemented by NIST Special Publications.
This course includes a Theoretical Military scenario that students utilize to build their Security Plan and POAM as well as learn how to transition from the DIACAP 8500.2 control set to the 800-53 Rev4 control set. Computers are utilized during the training and a Resource CD will be provided to the students with all publications and templates needed to complete their authorization packages once they get back to their work site.
Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)
• RMF for DOD IT Terms and Key Concepts for Module 1
• Summary of RMF for DOD IT Tasks
• DoD & RMF Background
• Purpose and Applicability of CNSSP 22, and CNSSI 1253
• Purpose and Applicability of DoDD 8500.1, DoDI 8500.2 and 8510.01
• End of Module 1 Exercise
• Theoretical Military Installation (TMI) scenario introduction (System description, hardware, software, firmware and architecture)
Module 2: RDIT Fundamentals
• RMF for DOD IT Terms and Key Concepts for Module 2
• DoD IS and PIT
• RMF for DOD IT Roles and Responsibilities
• Integrated Enterprise-Wide Risk Management
• RMF for DOD IT Process Documentation
• End of Module 2 Exercise
• TMI scenario (In DIACAP format used for transitioning to RMF for DOD IT)
Module 3: RDIT Extras
• RMF for DOD IT Terms and Key Concepts for Module 3
• Transitioning (C&A) to Security Authorization
• Reciprocity of Assessments and Authorizations
• RMF for DOD IT Knowledge Service
• TMI DIACAP mapping SIP, DIP, POAM and Scorecard to RMF deliverables
• End of Module 3 Exercise
Module 4: Working with the Security Controls
• RMF for DOD IT Terms and Key Concepts for Module 4
• NIST SP 800-53A, Assessing Security Controls
• NIST SP 800-53, Security Controls
• End of Module 4 Exercise
• TMI Security Plan (SP) security control mapping, Security Control Assessor role building the Security Assessment Plan (SAP) and the Security Assessment Report (SAR)
Module 5: RDIT Process - A Detailed Look
• TMI scenario final transition of RMF deliverables and POAM updates
• The RMF for DOD IT Process (Final wrap-up)
  Step 1: Categorize Information System
  Step 2: Select Security Controls
  Step 3: Implement Security Controls
  Step 4: Assess Security Controls
  Step 5: Authorize Information System
  Step 6: Monitor Security Controls
• RMF for DOD IT Terms and Key Concepts for Module 5
• End of Course Exercise
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas listed below of the National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.