RMF is the unified information security framework for the entire federal government. It is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC).
Learning Objectives
- Information Security Concepts
- Security Authorization (Ciampa) Concepts and Standards
- Introduction to FISMA and RMF
- Introduction to RMF for DoD IT
- DoD, NIST and CNSS Publications
- Life-Cycle Activities (DoDI 8510.01 and NIST SP 800-37)
- Documentation
- NIST Security Controls (NIST SP 800-53 Rev. 4)
- RMF Resources and Tools (incl. Knowledge Service, eMASS)
- Transition from DIACAP to RMF
- DoD, NIST and CNSS Publications
- Roles and Responsibilities
- System Boundary Definition
- RMF for DoD IT Process (DoDI 8510.01)
- RMF Life Cycle (NIST SP 800-37)
- RMF for DoD IT Documentation
- System Categorization and Security Control Selection (CNSSI 1253)
- NIST Security Controls (SP 800-53 Rev. 4), implementation and assessment
- RMF Resources and Tools
- Security Testing Tools
- DIACAP to RMF Transition Strategy and Implementation