This course introduces attendees to the Risk Management Framework for Department of Defense for Information Technology, also known as RDIT, which has been adopted as the common information security framework for the federal government and government contractors. Informative lectures address the transition from DIACAP, threat processes, risk management concepts, and the roles defined by RDIT. The six-step life cycle process is explored through presentations and hands-on exercises as attendees learn to categorize information systems, select security controls, implement controls, assess controls, authorize information systems, and monitor the security controls.
- Understand the six-step RMF process
- Identify similarities and differences between RMF and DIACAP
- Understand how RMF specifically applies to DoD IT systems
- Apply RMF steps through hands-on exercises and discussions