• Online, Instructor-Led
Course Description

STS Systems Support, LLC (SSS) offers a revised Risk Management Framework for DoD Information Technology (RMF for DoD IT) Workshop. This intensive 5-day cybersecurity workshop blends lecture, discussion and hands-on exercises to educate students on the new methodology. The workshop prepares students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications and the related NIST and CNSS publications. It compares and contrasts numerous aspects of the legacy DoD C&A process (DIACAP) with the current methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a continuous monitoring program. The workshop breaks the methodology down into steps, tasks, outputs and responsible entities, and includes lectures, discussions and exercises that provide a functional understanding of cybersecurity risk management and of the proper selection, implementation and validation of the current security controls as outlined on the RMF Knowledge Service and complemented by the NIST Special Publications.

This course includes a Theoretical Military Installation (TMI) scenario that students use to build their Security Plan and POAM, and to learn how to transition from the DoDI 8500.2 (DIACAP) control set to the NIST SP 800-53 Rev 4 (soon Rev 5) control set. Computers are used during the training, and students receive a resource CD containing all of the publications and templates needed to complete their authorization packages once they return to their work site.

Learning Objectives

Module 1: Intro to Continuous Monitoring (NIST SP 800-137)
• RMF for DoD IT Terms and Key Concepts for Module 1
• DoD & RMF Background
• Purpose and Applicability of DoDD 8500.1, DoDI 8500.2 and 8510.01
• Theoretical Military Installation (TMI) scenario introduction
• Summary of RMF for DoD IT Tasks
• Purpose and Applicability of CNSSP 22 and CNSSI 1253
• End of Module 1 Exercise

Module 2: RDIT Fundamentals
• RMF for DoD IT Terms and Key Concepts for Module 2
• RMF for DoD IT Roles and Responsibilities
• RMF for DoD IT Process Documentation
• TMI scenario (in DIACAP format used for transitioning to RMF for DoD IT)
• DoD IS and PIT
• Integrated Enterprise-Wide Risk Management
• End of Module 2 Exercise

Module 3: RDIT Extras
• RMF for DoD IT Terms and Key Concepts for Module 3
• Reciprocity of Assessments and Authorizations
• TMI DIACAP mapping SIP, DIP, POAM and Scorecard to RMF deliverables
• Transitioning (C&A) to Security Authorization
• RMF for DoD IT Knowledge Service
• End of Module 3 Exercise

Module 4: Working with the Security Controls
• RMF for DoD IT Terms and Key Concepts for Module 4
• NIST SP 800-53, Security Controls
• TMI Security Plan (SP) security control mapping; the Security Control Assessor role in building the Security Assessment Plan (SAP) and the Security Assessment Report (SAR)
• NIST SP 800-53A, Assess Security Controls
• End of Module 4 Exercise

Module 5: RDIT Process—A Detailed Look
• TMI scenario final transition of RMF deliverables and POAM updates
• RMF for DOD IT Terms and Key Concepts for Module 5
• End of Course Exercise
• The RMF for DOD IT Process (Final wrap-up)
- Step 1: Categorize Information System
- Step 2: Select Security Controls
- Step 3: Implement Security Controls
- Step 4: Assess Security Controls
- Step 5: Authorize Information System
- Step 6: Monitor Security Controls

This course syllabus and curriculum are subject to change as more information about the RMF for DoD IT process becomes available and as the reference

Framework Connections