This course is focused on the transition from DIACAP to RMF that is taking place within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). This course is designed to provide Cybersecurity and Information Assurance Professionals that are responsible for implementing the unified federal Risk Management Framework (RMF) the knowledge and practice needed to apply the relevant DoD, NIST and CNSS publications to their work environment. Students gain an understanding of the Risk Management Framework; associated risk management and assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization. Student learn and discuss the RMF six (6) step process integrated with the System Development Life Cycle to include roles and responsibilities; references; and guidelines. They complete exercises relevant to executing the RMF, for example how to categorize an information system, select security controls, and completing RMF artifacts for system authorization. Student will also learn and discuss the technologies, best practices, and procedures used in the implementing the RMF. Other topics include life cycle activities in the DoD Instruction 8510.01 (RMF for DoD IT) NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements to CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands on activities, case studies, and individual and team exercises.
Learning Objectives
Provides Cybersecurity and Information Assurance Professionals that are responsible for implementing the unified federal Risk Management Framework (RMF) the knowledge and practice needed to apply the relevant DoD, NIST and CNSS publications to their work environment.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.