• Classroom
  • Online, Instructor-Led
Course Description

This is an intense, 3-day, instructor-led RMF (Risk Management Framework) for the DoD course. The RMF was developed by the National Institute of Standards and Technology (NIST) to help organizations manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively. The selection and specification of security controls for an information system is accomplished as part of an organization-wide information security program that involves the management of organizational risk, that is, the risk to the organization or to individuals associated with the operation of an information system. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for an information system: the security controls necessary to protect individuals and the operations and assets of the organization. This boot camp is geared toward government, military and contractor personnel seeking 8570 compliance. Classes are scheduled across the USA and also live online.

Have a group of 5 or more people? Let us know and we can deliver a PRIVATE SESSION at your location.

Training includes:

  • The RMF Training in the Industry
  • Instruction by a High-Level Certified RMF Expert
  • Risk Management Courseware - continually updated
  • Practice and skill development
  • (ISC)2 CAP Exam can be added
  • Class hours: 8:30 - 4:30 daily
  • Snacks and beverages provided daily
  • Follow on Course - (ISC)2 CISSP
  • This class also lines up with the (ISC)2 CAP exam objectives

Learning Objectives

Upon completion of the RMF - Risk Management Framework Course, you will demonstrate competence and learn to master:

  • DoD and Intelligence Community specific guidelines
  • Key concepts including assurance, assessment, authorization, security controls
  • Cybersecurity Policy Regulations and Framework: Security laws, policy, and regulations
  • DIACAP to RMF transition, ICD 503, CNSSI-1253, SDLC and RMF
  • Documents for cyber security guidance
  • RMF Roles and Responsibilities: Tasks and responsibilities for RMF roles, DoD RMF roles
  • Risk Analysis Process: DoD organization-wide risk management, RMF steps and tasks, RMF vs. C&A
  • Categorize: Step 1 key references, Sample SSP: Security Categorization, Information System Description, Information System Registration, Registering a DoD system
  • Select Step 2 key references: Common Control Identification, Select Security Controls, Monitoring Strategy, Security Plan Approval, Select Security Controls
  • Implement Step 3 key references: Security Control Implementation, Security Control Documentation, Implement Security Controls
  • Assess Step 4 key references, About Assessment: Assessment Preparation, Security Control Assessment, Security Assessment Report, Remediation Actions, Assessment Preparation
  • Authorize Step 5 key references: Plan of Action and Milestones, Security Authorization Package, Risk Determination, Risk Acceptance, Authorizing Information Systems
  • Monitor Step 6 key references: Information System and Environment Changes, Ongoing Security Control Assessments, Ongoing Remediation Actions, Key Updates, Security Status Reporting, Ongoing Risk Determination and Acceptance, Information System Removal and Decommissioning, Continuous Monitoring Security Automation, Monitoring Security Controls
  • RMF for DoD and Intelligence Community, eMASS, RMF Knowledge Service, DoD 8510.01, DFAR 252.204-7012, ICD 503, CNSSI-1253, FedRAMP, RMF within DoD and IC process review

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.