This course provides an overview of information security and risk management and proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from the National institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT -life cycle, including security authorization (aka. certification and accreditation), along with the RMF documentation package and NIST security controls.
Each student will gain an in depth knowledge of the relevant DoD, NIST and CNSS publications along with the practical guidance needed to implement them in the work environment. Each life cycle activity in the DoD Instruction 8510.01 (RMF for DoD IT) is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 enhancements. Specific attention is paid to the process of transition from DIACAP to RMF, as will as the application of the eMASS tool to various aspects of the RMF life cycle. Class participation exercises and collaboration reinforce key concepts.