• Classroom
  • Online, Instructor-Led
Course Description

This 4-Day Risk Management Framework (RMF) course is actually a dual RMF and (ISC)² CAP course that prepares students to pass the CAP Exam through a combination of lecture, review of the entire 7 domains, drill sessions, extensive mentoring, and practice question and answer sessions, all topped off with a full practice exam. Our instructors don't just teach from a textbook; they design, write and update our curriculum. Our materials are always up to date and synchronized with the latest exam objectives. Our instructors are constantly updating our curriculum to match any change that may arise. Our bootcamp will provide the right amount of training needed for you to Test with Confidence.

Learning Objectives

  • DoD and Intelligence Community specific guidelines, Key concepts including assurance, assessment, authorization, Security controls
  • Cybersecurity Policy Regulations and Framework: Security laws, policy, and regulations, DIACAP to RMF transition, ICD 503, CNSSI-1253, SDLC and RMF, Documents for cyber security guidance
  • RMF Roles and Responsibilities, Tasks and responsibilities for RMF roles, DoD RMF roles
  • Risk Analysis Process: DoD organization-wide risk management, RMF steps and tasks, RMF vs. C&A
  • Categorize Step 1 key references, Sample SSP: Security Categorization, Information System Description, Information System Registration, Registering a DoD system
  • Select Step 2 key references: Common Control Identification, Select Security Controls, Monitoring Strategy, Security Plan Approval, Select Security Controls
  • Implement Step 3 key references: Security Control Implementation, Security Control Documentation, Implement Security Controls
  • Assess Step 4 key references, About Assessment: Assessment Preparation, Security Control Assessment, Security Assessment Report, Remediation Actions, Assessment Preparation
  • Authorize Step 5 key references: Plan of Action and Milestones, Security Authorization Package, Risk Determination, Risk Acceptance, Authorizing Information Systems
  • Monitor Step 6 key references: Information System and Environment Changes, Ongoing Security Control Assessments, Ongoing Remediation Actions, Key Updates, Security Status Reporting, Ongoing Risk Determination and Acceptance, Information System Removal and Decommissioning, Continuous Monitoring Security Automation, Monitoring Security Controls
  • RMF for DoD and Intelligence Community, eMASS, RMF Knowledge Service, DoD 8510.01, DFAR 252.204-7012, ICD 503, CNSSI-1253, FedRAMP, RMF within DoD and IC process review

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Customer Service and Technical Support
  • Cyber Defense Analysis
  • Risk Management
  • Systems Analysis
  • Training, Education, and Awareness


If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.