Our Risk Management Framework (RMF) V2.0 for Federal Agencies course is a 4-day comprehensive deep dive into the Risk Management Framework prescribed by NIST Standards.
During this course, you will participate in scenario-based exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. It is designed for federal employees and contractors in non-DoD agencies, and for any supporting vendors and service providers.
This RMF training course will also help students review and refresh their knowledge and identify areas they need to study for the Certified Authorization Professional exam.
With our 20 years of training experience, our team is experienced in the nuances of government information security and compliance. Our goal is to surpass expectations and earning the trust placed in being a partner in your success.
The Risk Management Framework provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.
This RMF course was created by a security expert with more than 30+ years of experience. As the creator and professor of the first graduate computer security course as adjunct faculty with a major Ivy League university, he served in the military for over twenty years and was a project manager for the NSA for five years.
This course is updated with the most relevant content to ensure your move to RMF is successful. This course may also be used as a certification preparation for (ISC)²'s CAP program. Earning the CAP certification is a proven way to build your career and demonstrate your expertise within the risk management framework (RMF).
Chapter 1: Introduction
• RMF review
• Key concepts such as assurance, assessment, authorization
• Security controls
Chapter 2: Cybersecurity Policy Regulations & Framework
• Security policy, law, and regulations
• System Development Life Cycle (SLDC)
• Documents for cyber security guidance
Chapter 3: RMF Roles and Responsibilities
• Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
• Risk management overview
• Risk management process in four steps
• Tasks breakdown
• Risk assessment reporting and options
Chapter 5: Step 1: Categorize
• Step key references and overview
• Sample SSP
• Task 1-1: Security Categorization
• Task 1-2: Information System Description
• Task 1-3: Information System Registration
• Lab: The Security Awareness Agency
Chapter 6: Step 2: Select
• Step key references and overview
• Task 2-1: Common Control Identification
• Task 2-2: Select Security Controls
• Task 2-3: Monitoring Strategy
• Task 2-4: Security Plan Approval
• Lab: Select Security Controls
Chapter 7: Step 3: Implement
• Step key references and overview
• Task 3-1: Security Control Implementation
• Task 3.2: Security Control Documentation
• Lab: Security Control Implementation
Chapter 8: Step 4: Assess
• Step key references and overview
• Task 4-1: Assessment Preparation
• Task 4-2: Security Control Assessment
• Task 4-3: Security Assessment Report
• Task 4-4: Remediation Actions
• Task 4-5: Final Assessment Report
• Lab: Assessment Preparation
Chapter 9: Step 5: Authorize
• Step key references and overview
• Task 5-1: Plan of Action and Milestones
• Task 5-2: Security Authorization Package
• Task 5-3: Risk Determination
• Task 5-4: Risk Acceptance
• Lab Step 5: Authorizing Information Systems
Chapter 10: Step 6: Monitor
• Step key references and overview
• Task 6-1: Information System & Environment Changes
• Task 6-2: Ongoing Security Control Assessments
• Task 6-3: Ongoing Remediation Actions
• Task 6-4: Key Updates
• Task 6-5: Security Status Reporting
• Task 6-6: Ongoing Risk Determination & Acceptance
• Task 6-7: Information System Removal & Decommissioning
• Continuous Monitoring
• Security Automation Domains
• Lab: Info System & Environment Changes
• Appendix A: Supplement Reference
• Appendix B: RMF/CAP Review and Step Checklists
• Appendix C: Acronym Reference
• Appendix D: Answer Keys
• Answers to Review Questions
• Lab Exercise Answers
Chapter 6: Step 2: Select
• Step key references and overview
• Task 2-1: Common Control Identification
• Task 2-2: Select Security Controls
• Task 2-3: Monitoring Strategy
• Task 2-4: Security Plan Approval
• Lab: Select Security Controls
Chapter 7: Step 3: Implement
• Step key references and overview
• Task 3-1: Security Control Implementation
• Task 3.2: Security Control Documentation
• Lab: Security Control Implementation
Chapter 8: Step 4: Assess
• Step key references and overview
• Task 4-1: Assessment Preparation
• Task 4-2: Security Control Assessment
• Task 4-3: Security Assessment Report
• Task 4-4: Remediation Actions
• Task 4-5: Final Assessment Report
• Lab: Assessment Preparation
Chapter 9: Step 5: Authorize
• Step key references and overview
• Task 5-1: Plan of Action and Milestones
• Task 5-2: Security Authorization Package
• Task 5-3: Risk Determination
• Task 5-4: Risk Acceptance
• Lab Step 5: Authorizing Information Systems
Chapter 10: Step 6: Monitor
• Step key references and overview
• Task 6-1: Information System & Environment Changes
• Task 6-2: Ongoing Security Control Assessments
• Task 6-3: Ongoing Remediation Actions
• Task 6-4: Key Updates
• Task 6-5: Security Status Reporting
• Task 6-6: Ongoing Risk Determination & Acceptance
• Task 6-7: Information System Removal & Decommissioning
• Continuous Monitoring
• Security Automation Domains
• Lab: Info System & Environment Changes
• Appendix A: Supplement Reference
• Appendix B: RMF/CAP Review and Step Checklists
• Appendix C: Acronym Reference
• Appendix D: Answer Keys
• Answers to Review Questions
• Lab Exercise Answers
Looking to learn at your pace?
Learn MoreMore information about bringing an event to you.
More InformationBrowse discounted Training Camp offers.
Learn More