  • Classroom
  • Online, Instructor-Led
Course Description

The Risk Management Framework (RMF) is the unified information security framework for the entire federal government. It is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC).

Learning Objectives

  • Information Security Concepts
  • Security Authorization (Ciampa) Concepts and Standards
  • Introduction to FISMA and RMF
  • Introduction to RMF for DoD IT
  • DoD, NIST and CNSS Publications
  • Life-Cycle Activities (DoDI 8510.01 and NIST SP 800-37)
  • Documentation
  • NIST Security Controls (NIST SP 800-53 Rev. 4)
  • RMF Resources and Tools (incl. Knowledge Service, eMASS)
  • Transition from DIACAP to RMF
  • DoD, NIST and CNSS Publications
  • Roles and Responsibilities
  • System Boundary Definition
  • RMF for DoD IT Process (DoDI 8510.01)
  • RMF Life Cycle (NIST SP 800-37)
  • RMF for DoD IT Documentation
  • System Categorization and Security Control Selection (CNSSI 1253)
  • NIST Security Controls (SP 800-53 Rev. 4), implementation and assessment
  • RMF Resources and Tools
  • Security Testing Tools
  • DIACAP to RMF Transition Strategy and Implementation

Framework Connections