Breakthrough the Cyber Path with RMF
Risk Management Framework (RMF) Implementation 2022 focuses on the Risk Management Framework prescribed by NIST Standards. The course can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) certification.
The 2022 edition is current as of February 2022. It was revised because NIST produced new and updated publications over the preceding two years, including NIST Special Publication (SP) 800-37, R2; SP 800-53, R5; SP 800-160, versions 1 and 2; and SP 800-171, R1 (among others).
The course comes with a disk of reference materials including sample documents, NIST publications, and regulatory documents. Downloadable ancillary materials include a study guide and a References and Policies handout.
Course Objectives
Understand the Risk Management Framework for DoD IT Authorization process
Understand FISMA and NIST processes for authorizing Federal IT systems
Explain key roles and responsibilities
Explain statutory and regulatory requirements
Apply these principles to real-world activities and situations
Course Outline
Introduction
RMF overview
DoD- and IC-Specific Guidelines
Key concepts including assurance, assessment, authorization
Security controls
Cybersecurity Policy Regulations & Framework
Security laws, policy, and regulations
DIACAP to RMF
System Development Life Cycle (SDLC)
Documents for cyber security guidance
RMF Roles and Responsibilities
Tasks and responsibilities for RMF roles
Risk Analysis Process
Overview of risk management
Four-step risk management process
Tasks breakdown
Risk assessment reporting and options
Step 1 – Categorize
Step key references and overview
Sample SSP
Task 1-1: Security Categorization
Task 1-2: Information System Description
Task 1-3: Information System Registration
Lab: The Security Awareness Agency
Step 2 – Select
Step key references and overview
Task 2-1: Common Control Identification
Task 2-2: Select Security Controls
Task 2-3: Monitoring Strategy
Task 2-4: Security Plan Approval
Lab: Select Security Controls
Step 3 – Implement
Step key references and overview
Task 3-1: Security Control Implementation
Task 3-2: Security Control Documentation
Lab: Security Control Implementation
Step 4 – Assess
Step key references and overview
Task 4-1: Assessment Preparation
Task 4-2: Security Control Assessment
Task 4-3: Security Assessment Report
Task 4-4: Remediation Actions
Task 4-5: Final Assessment Report
Lab: Assessment Preparation
Step 5 – Authorize
Step key references and overview
Task 5-1: Plan of Action and Milestones
Task 5-2: Security Authorization Package
Task 5-3: Risk Determination
Task 5-4: Risk Acceptance DoD Considerations
Lab: Authorize Information Systems
Step 6 – Monitor
Step key references and overview
Task 6-1: Information System & Environment Changes
Task 6-2: Ongoing Security Control Assessments
Task 6-3: Ongoing Remediation Actions
Task 6-4: Key Updates
Task 6-5: Security Status Reporting
Task 6-6: Ongoing Risk Determination & Acceptance
Task 6-7: Information System Removal & Decommissioning
Continuous Monitoring
Security Automation Domains
Lab: Info System & Environment Changes
DoD/IC RMF Implementation
eMASS
RMF Knowledge Service
DoD/IC Specific Documentation
RMF within DoD and IC process review
Related Certifications
The course also includes notes for students studying to take the ISC2 Certified Authorization Professional (CAP) certification.
CAP – Certified Authorization Professional