Risk Management Framework (RMF) V2.0 for Federal Agencies Outline
Chapter 1: Introduction
• RMF review
• Key concepts such as assurance, assessment, authorization
• Security controls
Chapter 2: Cybersecurity Policy Regulations & Framework
• Security policy, law, and regulations
• System Development Life Cycle (SDLC)
• Documents for cyber security guidance
Chapter 3: RMF Roles and Responsibilities
• Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
• Risk management overview
• Risk management process in four steps
• Tasks breakdown
• Risk assessment reporting and options
Chapter 5: Step 1: Categorize
• Step key references and overview
• Sample SSP
• Task 1-1: Security Categorization
• Task 1-2: Information System Description
• Task 1-3: Information System Registration
• Lab: The Security Awareness Agency
Chapter 6: Step 2: Select
• Step key references and overview
• Task 2-1: Common Control Identification
• Task 2-2: Select Security Controls
• Task 2-3: Monitoring Strategy
• Task 2-4: Security Plan Approval
• Lab: Select Security Controls
Chapter 7: Step 3: Implement
• Step key references and overview
• Task 3-1: Security Control Implementation
• Task 3-2: Security Control Documentation
• Lab: Security Control Implementation
Chapter 8: Step 4: Assess
• Step key references and overview
• Task 4-1: Assessment Preparation
• Task 4-2: Security Control Assessment
• Task 4-3: Security Assessment Report
• Task 4-4: Remediation Actions
• Task 4-5: Final Assessment Report
• Lab: Assessment Preparation
Chapter 9: Step 5: Authorize
• Step key references and overview
• Task 5-1: Plan of Action and Milestones
• Task 5-2: Security Authorization Package
• Task 5-3: Risk Determination
• Task 5-4: Risk Acceptance
• Lab: Authorizing Information Systems
Chapter 10: Step 6: Monitor
• Step key references and overview
• Task 6-1: Information System & Environment Changes
• Task 6-2: Ongoing Security Control Assessments
• Task 6-3: Ongoing Remediation Actions
• Task 6-4: Key Updates
• Task 6-5: Security Status Reporting
• Task 6-6: Ongoing Risk Determination & Acceptance
• Task 6-7: Information System Removal & Decommissioning
• Continuous Monitoring
• Security Automation Domains
• Lab: Info System & Environment Changes
Appendix A: Supplement Reference
Appendix B: RMF/CAP Review and Step Checklists
Appendix C: Acronym Reference
Appendix D: Answer Keys
• Answers to Review Questions
• Lab Exercise Answers