RMF Course

Course ID: HLT RMF100

Course Length: 4 days

Course Description:
Day one is RMF for DoD IT Fundamentals. This will provide an overview of information security and risk management. Day one proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT “life cycle”, including security authorization (a.k.a. certification and accreditation), along with the RMF documentation package and NIST security controls.
The following 3 days, RMF for DoD IT In-Depth, expand on these topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain in-depth knowledge of the relevant DoD, NIST and CNSS publications, along with the practical guidance needed to implement them in the work environment. Each life cycle activity in DoD Instruction 8510.01 (RMF for DoD IT) is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with the corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 “enhancements”. Specific attention is paid to the process of transition from DIACAP to RMF, as well as the application of the eMASS tool to various aspects of the RMF life cycle. “Class participation” exercises and collaboration reinforce key concepts.

Target Student:
DoD employees and contractors, as well as their supporting vendors and service providers. Those who wish to gain detailed implementation knowledge of RMF and NIST Security Controls.

Delivery Method:
Instructor led, group-paced, classroom-delivery learning model with structured hands-on activities.

Course Content

Module 1: Introduction
Upon successful completion of this chapter, students will be able to:

  • Define the important concepts: assurance, assessment, authorization
  • List the three characteristics of security
  • List the reasons for the widespread change to the Risk Management Framework (RMF)
  • Define security controls and list examples of the three classes of controls
  • Logical Network Topologies

Module 2: RMF Policy Regulations and Framework
Upon successful completion of this chapter, students will be able to:

  • Describe the evolution and interaction of security laws, policy, and regulations in information security
  • Access the correct documents for cybersecurity guidance
  • Describe Assessment & Authorization transformation goals

Module 3: RMF Roles and Responsibilities
Upon successful completion of this chapter, students will be able to:

  • Understand and assign the correct roles in the RMF process for your organization
  • Perform the responsibilities associated with your RMF role
  • Identify the RMF roles of your colleagues

Module 4: Risk Analysis Process
Upon successful completion of this chapter, students will be able to:

  • Support and follow the four-step risk management process within your agency
  • Understand the factors that produce the impact level (high, medium, low) of your information system
  • Accurately quantify the level of risk to your information system
  • Decide on the effective risk management options for your system

Module 5: Step 1 - Categorize
Upon successful completion of this chapter, students will be able to:

  • Identify the six steps in the RMF process
  • Produce or support the production of the key documents of the RMF Process
  • Categorize the security characteristics of confidentiality, integrity and availability for an information system as high, medium, or low
  • Describe the information processed, stored and transmitted by your information system
  • Register an information system

Module 6: Step 2 - Select
Upon successful completion of this chapter, students will be able to:

  • Identify your information system’s common controls
  • Select the appropriate baseline controls for your information system
  • Tailor security controls for your information system
  • Supplement the baseline and tailored controls for your information system
  • Develop and/or support a continuous monitoring strategy for your information system

Module 7: Step 3 - Implement
Upon successful completion of this chapter, students will be able to:

  • Allocate the appropriate security controls for your information system
  • Implement the security controls for your information system
  • Describe your information system in a functional manner appropriate for documentation in the security plan

Module 8: Step 4 - Assess
Upon successful completion of this chapter, students will be able to:

  • Use one or more of the three methods of assessment to assess your information system’s security controls
  • Prepare or support the preparation of the security assessment report documenting the issues, findings, and recommendations from the security control assessment

Module 9: Step 5 - Authorize
Upon successful completion of this chapter, students will be able to:

  • Support the creation and completion of the plan of action and milestones (POAM) in accordance with your RMF role
  • Describe the contents of the security authorization package
  • Authorize or support the authorization of the information system
  • State the level of acceptable risk for your information system
  • Adhere to the correct procedures when a system is authorized to operate, given interim authorization, or not authorized to operate

Module 10: Step 6 - Monitor
Upon successful completion of this chapter, students will be able to:

  • Manage, control and document changes to your information system and its environment of operation
  • Implement the correct forms of patches when the situation calls for a patch
  • Select or support the selection of the appropriate assessments
  • State the characteristics of good performance measures and choose accordingly
  • Report or react to the reporting of vulnerabilities and mitigation
  • Decommission an information system using the most efficient of the four methods, based on the type of information captured, processed or stored by the information system