• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course concentrates on understanding the NIST Risk Management Framework (RMF) and the activities required to meet FISMA requirements. It includes an overview of the Risk Management Framework (RMF) from NIST SP 800-37, various system types, application scanning, security readiness reviews and vulnerability scanning. The course provides an in-depth explanation of each control identified in NIST SP 800-53, including which method should be used to test it, what evidence should be gathered, and how to test Federal information systems and infrastructure more efficiently and effectively.

The curriculum will prepare the student to understand the process for applying the RMF to Federal information systems. The course can include a CNSS plug-in module addressing Intelligence Community-specific requirements.

Learning Objectives

  • Module 1: Critical Definitions
    • Know critical definitions
    • Identify impact of change on information systems security and the authorization process
  • Module 2: The Policies
    • Identify tasks in the RMF
    • Identify relevant NIST Special Publications and other policy documents
  • Module 3: Introducing Risk
    • Identify the elements of the Risk Management Framework (RMF)
    • Know the role of the Risk Executive Function
    • Define Risk Tolerance
  • Module 4: Roles and Responsibilities
    • Identify participants in the RMF
    • Define the roles and responsibilities associated with the RMF
  • Module 5: System Authorization of Federal Information Systems
    • Know the six steps of the RMF process
    • Identify tasks for each of the steps
  • Module 6: Reciprocity
    • Identify the goals of reciprocity
    • Know the requirements for reciprocity
    • Hands-On Exercise
      • Apply knowledge in a CAPSTONE exercise

Framework Connections