RMF - Risk Management Framework for the DoD

Upon completion of the RMF - Risk Management Framework Course, you will demonstrate competence and learn to master:

• DoD and Intelligence Community specific guidelines
• Key concepts including assurance, assessment, authorization, security controls
• Cybersecurity Policy Regulations and Framework Security laws, policy, and regulations
• DIACAP to RMF transition, ICD 503, CNSSI-1253, SDLC and RMF
• Documents for cyber security guidance
• RMF Roles and Responsibilities, Tasks and responsibilities for RMF roles, DoD RMF roles
• Risk Analysis Process DoD organization-wide risk management, RMF steps and tasks, RMF vs. C&A
• Categorize Step 1 key references Sample SSP: Security Categorization, Information System Description, Information System Registration Registering a DoD system
• Select Step 2 key references: Common Control Identification, Select Security Controls, Monitoring Strategy, Security Plan Approval, Select Security Controls
• Implement Step 3 key references: Security Control Implementation, Security Control Documentation, Implement Security Controls
• Assess Step 4 key references About Assessment: Assessment Preparation, Security Control Assessment, Security Assessment Report, Remediation Actions, Assessment Preparation
• Authorize Step 5 key references: Plan of Action and Milestones, Security Authorization Package, Risk Determination, Risk Acceptance, Authorizing Information Systems
• Monitor Step 6 key references: Information System and Environment Changes, Ongoing Security Control Assessments, Ongoing Remediation Actions, Key Updates, Security Status Reporting, Ongoing Risk Determination and Acceptance, Information System Removal and Decommissioning Continuous Monitoring Security Automation, Monitoring Security Controls
• RMF for DoD and Intelligence Community, eMASS, RMF Knowledge Service, DoD 8510.01, DFAR 252.204-7012, ICD 503, CNSSI-1253, FedRAMP, RMF within DoD and IC process review