• Classroom
  • Online, Instructor-Led
Course Description

The four-day DoD RMF Course provides an introduction to the new DoD RMF process for securing military systems (DoDI 8500.01 and DoDI 8510.01). It includes samples of key documents (Security Plan, Security Assessment Report, POA&M, and Information Security Continuous Monitoring Plan). The DoD RMF process is based on the key concepts of mission- and risk-based, cost-effective, and enterprise information system security. Uniquely, this new process was developed with the progressive vision that future information systems will have: automated presentation of security status; proactive and preventative configuration control to prevent unauthorized changes; automated updating and patching; near-real-time awareness from an enterprise level; and continuous security authorization.

This class was written specifically based on all the above instructions and related NIST Special Publications with the purpose of providing individuals with the knowledge to understand the DoD RMF process and implement it for their systems. The course has been augmented with hands-on labs using successful strategies and real-world samples of key documents (i.e., Security Plan (SP), Security Assessment Reports (SAR), Plan of Action and Milestones (POA&M), Overlays, and Information Security Continuous Monitoring Plans (ISCMP)). These help to ensure this class supports all the personnel at the DoD Component levels, from the Chief Information Officer (CIO) and Authorizing Official (AO) to the Information System Owner (ISO) and User Representative (UR), in understanding the process and their responsibilities in implementing the DoD RMF process.

Learning Objectives

  • Understand the authorization process
  • Understand Risk Management and Risk Assessment
  • Understand roles and responsibilities
  • Utilize RMF tools
  • Categorize information
  • Select, implement, assess, and monitor security controls

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management
  • Cybersecurity Management
  • Strategic Planning and Policy

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.