The RMF was developed by the National Institute for Standards and Technology (NIST) to help DoD and Federal agencies manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively. The Risk Management Framework provides a structured, yet flexible approach for managing the portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization. Students will participate in exercises and real-time learning to managing risk, and ensuring that the confidentiality, availability and integrity of federal information and information systems. The course will introduce ideas to support the authorization of information systems, and the RMF tasks that support the selection, development, implementation, assessment, authorization, and ongoing monitoring of common controls inherited by organizational information systems. Students will be provided a system profile to learn the RMF process and how to apply key concepts. The training at SEMAIS provides a comprehensive learning methodology to capture these key tasks and requirements to accredit DoD Systems based on FIPS 199, NIST SP 800-60, NIST SP 800-37 Revision 1, NIST SP 800-39, NIST SP 800-30, NIST SP 800-34, NIST SP 800-53 Revision 3, and NIST SP 800-53A.
Learning Objectives
This test preparation course covers the ISC2 CAP training relevant to the corresponding professional certification exam:
- RMF Phase 1 - Categorize
- RMF Phase 2 - Select Baseline Controls
- RMF Phase 3 - Implement Security Controls
- RMF Phase 4 - Assess the Security Controls
- RMF Phase 5 - Authorize Systems Operations
- RMF Phase 6 - Monitor and Assess Selected Security Controls