Risk Management Framework RMF for DoD - Training Camp

Our Risk Management Framework (RMF for DoD) course is a comprehensive 4-day deep dive into the DoD authorization process, designed for students who want a thorough understanding of the Risk Management Framework for DoD Information Technology.

During this course, the knowledge and strategies provided will allow the attendees to accurately and effectively apply cost-effective and appropriate security controls based on risk and best practices.

The day-to-day breakdown of this program is designed to be highly interactive, allowing attendees to apply what they have learned in 15 real-world group exercises. The course also provides attendees with actual examples of the key documents required to complete the RMF processes.

In addition to our public course schedule, we can also offer Private Group Training for this course, hosted at any location in the world, with no minimum number of students.

Enrollment Information

DoD RMF - 4

Duration: 4 days
GSA Catalog: GS-02F-0044T

You Will Learn:
  • Authorization Process
  • Risk Management
  • Risk Assessment
  • Roles & Responsibilities
  • RMF tools
  • Categorize Information & Information Systems
  • Select, Implement, & Assess Security Controls
  • Authorize Information System
  • Monitor Security Controls

This course covers:
  • DoDI 8510.01 - Risk Management Framework for DoD IT (14 March 2014)
  • Committee on National Security Systems Instruction 1253 (CNSSI 1253) - Security Categorization and Security Control Selection for National Security Systems (NSS) (27 March 2014)
  • National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)

    DoD/Military Discounts
    We offer expanded options to maximize training budget, within micro-purchase threshold for Government & Military personnel

    Post 9/11 G.I. Bill
    Training Camp is approved by the PA State Board of Post Secondary Education, and the US Department of Veterans Affairs, to accept these education benefits for select programs in our Pennsylvania locations.

    Onsite Group Training
    Training Camp can offer customized RMF training for you and your team anywhere in the world, starting with as few as 5 students.

    Course Outline

    Section 1: Understand Security Authorization

    a. Concept of Authorization Process
    b. Problem, Controls, Implement, Assess, Approve and Maintain
    c. Authorization Evolution
    e. Department of Defense (DoD) Risk Management Framework (RMF)
    f. DoD: DoDI 8500.01 and DoDI 8510.01
    g. CNSS: CNSSP-42, CNSSI-1253 and Appendix K Annexes, CNSSI-1253A, and CNSS 4009
    h. NIST: SP 800-18, SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-137, and SP 800-160
    i. Roles and Responsibilities (NIST SP800-37 and DoD 8510.01)
    j. DoD and Component Chief Information Officers (CIO)
    k. Risk Executive (Function)
    l. DoD and Component Senior Information Security Officer (SISO)
    m. Authorizing Official (AO)
    n. AO Designated Representative (AODR)
    o. Information Owner (IO)/Steward
    p. Common Control Provider (CC Provider)
    q. Information System Security Manager (ISSM)
    r. Information System Owner (ISO)
    s. Information System Security Engineer (ISSE)
    t. Security Control Assessor (SCA)
    u. User Representative (UR)
    v. RMF Tools - DoDI 8510.01
    w. eMASS and Information Assurance Support Environment (IASE)
    x. Security Processes and Concepts
    y. Adequate Security and Risk-Based Cost-Effective - OMB Circular A-130
    z. Security Objectives: Confidentiality, Integrity and Availability
    aa. Risk: Low, Moderate, and High
    ab. Privacy Rules: HIPAA and Personally Identifiable Information (PII)
    ac. Trust Relationships: Reciprocity and Documents
    ad. Defense-in-Depth
    ae. Risk Management (NIST SP800-39)
    af. Risk Assessment (NIST SP800-30)
    ag. Qualitative, Quantitative, and Quasi-Quantitative
    ah. Risk Assessment Group Exercise

    Section 2: RMF Step 1 - Categorize Information and Information System

    a. System Security Plan - SP 800-18, SP 800-37
    b. DoD IT Products, Services, and PIT - DoDI 8510.01
    c. Categorization - CNSSI-1253, FIPS 199, and SP 800-60
    d. Overlays - CNSSI-1253 and SP 800-53
    e. Risk Impact Factors - CNSSI-1253 and SP 800-53
    f. Accreditation Boundaries - SP 800-18 and SP 800-37
    g. Boundary and Categorization Group Exercise
    h. Interconnecting Information Systems - SP 800-47
    i. Registration - SP 800-53
    j. Assigned Qualified Personnel- DoDD 8570.01 and DoDD 8140.01

    Section 3: RMF Step 2 - Select Security Controls

    a. Specific, Common and Hybrid Controls - SP 800-53, CNSSI-1253, and Sample SP
    b. Type Control Group Exercise
    c. Overlays - CNSSI-1253, SP 800-53, and Sample Overlay
    d. Selecting Security Controls - CNSSI-1253, FIPS-200, and SP 800-53
    e. Tailoring Controls - CNSSI-1253 and SP 800-53
    f. Tailoring Controls Group Exercise
    g. Compensating Controls- SP800-53
    h. Compensating Control Group Exercise
    i. Trustworthiness and Assurance - SP 800-53
    j. Monitored Control Selection - SP 800-37
    k. Approval and Registration- DoDI 8510.01
    l. Knowledge Services and eMASS

    Section 4: RMF Step 3 - Implement Security Controls

    a. Security Control Implementation - SP 800-53
    b. Control Documentation- SP800-18 and SP800-37
    c. Approved Configurations, Tests and Checklists - SP 800-70, eMASS and
    d. Security Content Automation Protocol (SCAP)- SP800-115 and SP800-117

    Section 5: RMF Step 4 - Assess Security Controls

    a. Assessment and Testing Methods - SP 800-53A and SP 800-115
    b. Vulnerability Tools and Techniques - SP 800-53A and SP 800-115
    c. Develop Security Assessment Plan and Report - SP 800-37 and Sample SAR
    d. Assessor Expertise and Independence - SP 800-37 and DoDI 8510.01
    e. Assess Security Control- SP800-53A and SP800-115
    f. Conduct Security Control Assessments - SP800-37 and SP800-53

    Section 6: RMF Step 5 - Authorize Information System

    a. Special DoD Systems- DoDI 8510.01
    b. Plan Of Actions and Milestones (POA&M) - OMB M-01-01 and Sample POA&M
    c. Security Authorization Package - SP 800-37 and DoDI 8510.01
    d. SSP, SAR, and POA&M
    e. Authorization - SP 800-37 and DoDI 8510.01
    f. Authority to Operate (ATO)
    g. Interim Authorization to Test (IATT)
    h. Denial of Approval to Operate (DATO)
    i. Special Authorizations - DoDI 8510.01
    j. Type Authorizations
    k. Platform Information Technology (PIT) Authorizations
    l. Contingency Strategies
    m. Group Contingency Deployment Group Exercises

    Section 7: RMF Step 6 - Monitor Security Controls

    a. Information Security Continuous Monitoring (ISCM) - SP 800-137 and HBSS
    b. Patch and Vulnerability Management - SP 800-40
    c. Cloud Computing- FedRAMP, FedRAMP+, SP800-53, and SRG
    d. DoD RMF Schedule, Status and Issues- DoDI 8510.01
    e. Appendixes
    f. Regulations and Standards
    g. Authorization Evolution
    h. DoD RMF Processes
    i. Risk Management Framework Steps and Tasks
    j. SDLC, RMF and FIPS/SP Pub Relationship Table
    k. Information Security Plan (SP) Template
    l. Control Families
    m. Plan of Action and Milestones (POA&M)
    n. Continuous Monitoring Action Samples
    o. Resources Schedule of Continuous Monitoring Actions
    p. Security Control Overlay Template
    q. Security Control Monitoring Frequencies
    r. Patch and Vulnerability Management ROI
    s. DoD Cybersecurity Glossary