• duration
    4 days
  • Award Winning
    RMF Courseware
  • (ISC)2 CAP
    Exam Review
  • DoD/IC Focused RMF
    Boot Camp

Learn the DoD/IC authorization process and gain an understanding of the Risk Management Framework.

Risk Management Framework (RMF) V2.0 for DoD/IC

Our Risk Management Framework (RMF) V2.0 for DoD/IC Course is a 4-day comprehensive deep dive into the Risk Management Framework prescribed by NIST Standards, with a focus on how this is implemented within the Department of Defense (DoD) and Intelligence Communities (IC).

During this course, the knowledge and strategies provided will allow the attendees to accurately and effectively apply cost-effective and appropriate security controls based on risk and best practices.

This course is current as of March 2019. It was revised due to NIST producing new and updated publications over the preceding two years, including SP 800-37, rev. 2; SP-800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 (among others). It was also revised due to additional DoD updates to DODI 8510.01.

What’s Included

Proprietary RMF Courseware
Sample RMF Process Documents
Group Study/Lab Guide Book
(ISC)² CAP Exam Review

Why Training Camp?

With our 20 years of training experience, our team is experienced in the nuances of government information security and compliance. Our goal is to surpass expectations and earning the trust placed in being a partner in your success.

Need dedicated training?

Our Risk Management Framework (RMF) 2.0 training can be delivered to your site or virtually in a private-group setting, customized to meet your organization’s learning objectives. Save up to 40% and your satisfaction is GUARANTEED!

Click to learn more about our group training.

training features

  • Understand the Risk Management Framework for DOD IT Authorization process

  • Explain statutory and regulatory requirements

  • Apply these principles to real-world activities and situations



Learn Risk Management Framework (RMF), Fast

The Risk Management Framework provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.

  • Award Winning Instructors

    This RMF course was created by a security expert with more than 30-years’ experience. As the creator and professor of the first graduate computer security course as adjunct faculty with a major Ivy League university, he served in the military for over twenty years and was a project manager for the NSA for five years.

  • (ISC)²'s CAP Exam Support

    This course is updated with the most relevant content to ensure your move to RMF is successful. This course may also be used as a certification preparation for (ISC)²'s CAP program.

Risk Management Framework (RMF) V2.0 for DoD/IC Outline

Chapter 1: Introduction
• RMF overview
• DoD- and IC- Specific Guidelines
• Key concepts including assurance, assessment, authorization
• Security controls

Chapter 2: Cybersecurity Policy Regulations & Framework
• Security laws, policy, and regulations
• System Development Life Cycle (SLDC)
• Documents for cyber security guidance

Chapter 3: RMF Roles and Responsibilities
• Tasks and responsibilities for RMF roles

Chapter 4: Risk Analysis Process
• Overview of risk management
• Four-step risk management process
• Tasks breakdown
• Risk assessment reporting and options

Chapter 5: Step 1: Categorize
• Step key references and overview
• Sample SSP
• Task 1-1: Security Categorization
• Task 1-2: Information System Description
• Task 1-3: Information System Registration
• Lab: The Security Awareness Agency

Chapter 6: Step 2: Select
• Step key references and overview
• Task 2-1: Common Control Identification
• Task 2-2: Select Security Controls
• Task 2-3: Monitoring Strategy
• Task 2-4: Security Plan Approval
• Lab: Select Security Controls

Chapter 7: Step 3: Implement
• Step key references and overview
• Task 3-1: Security Control Implementation
• Task 3.2: Security Control Documentation
• Lab: Security Control Implementation

Chapter 8: Step 4: Assess
• Step key references and overview
• Task 4-1: Assessment Preparation
• Task 4-2: Security Control Assessment
• Task 4-3: Security Assessment Report
• Task 4-4: Remediation Actions
• Task 4-5: Final Assessment Report
• Lab: Assessment Preparation

Chapter 9: Step 5: Authorize
• Step key references and overview
• Task 5-1: Plan of Action and Milestones
• Task 5-2: Security Authorization Package
• Task 5-3: Risk Determination
• Task 5-4: Risk Acceptance
• DoD Considerations
• Lab Step 5: Authorize Information Systems

Chapter 10: Step 6: Monitor
• Step key references and overview
Task 6-1: Information System & Environment Changes
• Task 6-2: Ongoing Security Control Assessments
• Task 6-3: Ongoing Remediation Actions
• Task 6-4: Key Updates
• Task 6-5: Security Status Reporting
• Task 6-6: Ongoing Risk Determination & Acceptance
• Task 6-7: Information System Removal & Decommissioning
• Continuous Monitoring
• Security Automation Domains
• Lab: Info System & Environment Changes

Chapter 11: DoD/IC RMF Implementation
• RMF Knowledge Service
• DoD/IC Specific Documentation
• RMF within DoD and IC process review

Appendix A: Supplement Reference
Appendix B: Acronym Reference
Appendix C: RMF Process Checklists by Step
Appendix D: Answer Keys
Answers to Review Questions
Lab Exercise Answers

  • View Pricing/Schedule

    Check out dates and locations for this program

    See dates

    More information about bringing an event to you.

    More Information
  • Register Now

    Enroll now and start your learning adventure

    Start Here


As a veteran Training Camp offered me the opportunity to enhance my learning and change my field of work into a rapidly growing market. Definitely worth it!
Brandon McCartney
Although the course material is tough and sometimes seems daunting, the instructors are effective in getting through it.
Daniel Y
The training camp experience was great, informative, and just what I needed to jump start my training in RMF.
Lionel B HMS
The Training Camp experience was well organized and super-informative. The instructor's experience and ability to communicate made the training worth more than it's weight in gold! I highly recommend the CISSP course at Training Camp!
CL SecureStrux, LLC
CISSP instructor Ross Everett-knowledgeable, thorough and very easily understood. The location of class room was great in the metro D.C. Area. Hotel package was a fantastic deal. Going to return for cloud certs in no time.
Jia Hedman Leidos
I recommend taking this boot camp with Training Camp. The instructor was excellent, answered any questions that came up, discussed the topics thoroughly and was clear about the subject matter we were to cover.
HS U.S. Army
A must stop-by resort before any certification test. Teachers teach you something for life, rather than only for certification.
Zubir Ahmad
Training camp got me up to speed on the domains that I hadn't had tons of experience and in the end this made all the difference to ensure I attained my certification.
JS EZe Software Group
The Training Camp provided a great training environment for my Security+ certification. Feeding me information and knowledge through a fire hose was exactly what was needed for my study style. I will definitely consider Training Camp in the future.
Luke Swearingen Harris
The class was very interactive with students providing their real world experience to supplement the course material.
Chris Louie IronKey by Imation
01 010