This course concentrates on understanding the NIST Risk Management Framework (RMF) and the activities required to meet FISMA requirements. It includes an overview of the RMF from NIST SP 800-37, various system types, application scanning, security readiness reviews and vulnerability scanning. The course provides an in-depth explanation of each control identified in NIST SP 800-53, including which method should be used to test it, what evidence should be gathered, and how to test Federal information systems and infrastructure more efficiently and effectively.
The curriculum will prepare the student to understand the process for applying the RMF to Federal information systems. The course can include a CNSS plug-in module addressing the Intelligence Community specific requirements.
Module 1: Critical Definitions
Know critical definitions
Identify impact of change on information systems security and the authorization process

Module 2: The Policies
Identify tasks in the RMF
Identify relevant NIST Special Publications and other policy documents

Module 3: Introducing Risk
Identify the elements of the Risk Management Framework (RMF)
Know the role of the Risk Executive Function
Define Risk Tolerance

Module 4: Roles and Responsibilities
Identify participants in the RMF
Define the roles and responsibilities associated with the RMF

Module 5: System Authorization of Federal Information Systems
Know the six steps of the RMF process
Identify tasks for each of the steps

Module 6: Reciprocity
Identify the goals of reciprocity
Know the requirements for reciprocity
Apply knowledge in a CAPSTONE exercise
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.