Applying the Risk Management Framework (RMF) and NIST Controls

This course is focused on the transition from DIACAP to RMF that is taking place within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). This course is designed to provide Cybersecurity and Information Assurance Professionals that are responsible for implementing the unified federal Risk Management Framework (RMF) the knowledge and practice needed to apply the relevant DoD, NIST and CNSS publications to their work environment. Students gain an understanding of the Risk Management Framework; associated risk management and assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization. Student learn and discuss the RMF six (6) step process integrated with the System Development Life Cycle to include roles and responsibilities; references; and guidelines. They complete exercises relevant to executing the RMF, for example how to categorize an information system, select security controls, and completing RMF artifacts for system authorization. Student will also learn and discuss the technologies, best practices, and procedures used in the implementing the RMF. Other topics include life cycle activities in the DoD Instruction 8510.01 (RMF for DoD IT) NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements to CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands on activities, case studies, and individual and team exercises.