Students in this 3-day course will learn the DoD Risk Management and Risk Management Framework governance structure for resolving cybersecurity conflicts throughout the acquisition and sustainment of the systems lifecycle.
Course Outline
Chapter 1: Introduction
Key concepts including assurance, assessment, authorization
Reasons for change to the Risk Management Framework (RMF)
Key characteristics of security
Security controls
Chapter 2: Cybersecurity Policy Regulations and Framework
Evolution and interaction of security laws, policy, and regulations in cybersecurity
Accessing the correct documents for cybersecurity guidance
Assessment and Authorization transformation goals
Chapter 3: RMF Roles and Responsibilities
Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
Four-step risk management process
Impact level
Level of risk
Effective risk management options
Chapter 5: Step 1: Categorize
Key documents in RMF process
Security Categorization
Information System Description
Information System Registration
Lab 1: Categorize a fictitious DoD agency information system
Chapter 6: Step 2: Select
Common Control Identification
Security Control Selection
Tailor security controls
Monitoring Strategy
Security Plan Approval
Lab 2: Select security controls for a fictitious DoD agency information system
Chapter 7: Step 3: Implement
Security Control Implementation
Security Control Documentation
Lab 3: Discuss and review decisions related to implementation of security controls
Chapter 8: Step 4: Assess
Assessment Preparation
Security Control Assessment
Security Assessment Report
Remediation Actions
Lab 4: Consult NIST SP 800-53A to determine appropriate assessment techniques for a fictitious DoD agency.
Chapter 9: Step 5: Authorize
Plan of Action and Milestones
Security Authorization Package
Risk Determination
Risk Acceptance
Lab 5: Practice compiling the documents that make up the Security Authorization Package
Chapter 10: Step 6: Monitor
Information System and Environment Changes
Patches
Ongoing Security Control Assessments
Ongoing Remediation Actions
Key Updates
Security Status Reporting
Ongoing Risk Determination and Acceptance
Information System Removal and Decommissioning
Lab 6: Identify vulnerabilities and deficiencies in the information system of a fictitious DoD agency and propose steps to remediate them.
Chapter 11: Risk Management Framework for DoD and the Intelligence Community
DoDI 8510.01
DFARS 252.204-7012
Security Control Structure
Evolution of Cybersecurity Policy
NIST: Computer Security Division
DoD Cybersecurity Policy Drivers
DIACAP to RMF
Transformation Goals
Control Selection
CNSSI-1253
RMF Integration with the SDLC
Important Federal Guidelines
DoD 8500 Cybersecurity Series
Roles and Responsibilities
Registering a DoD System
eMASS
Types of Authorizations
RMF Knowledge Service
To hire a proven AMS DoD RMF subject matter expert who teaches this class, call 800-798-3901 today!