Federal Risk Management Framework (RMF) Implementation 3.1: DoD/IC Edition

In this 3-day course, students will learn the DoD Risk Management and Risk Management Framework (RMF) governance structure for resolving cybersecurity conflicts throughout the acquisition and sustainment phases of the system lifecycle.

Course Outline

Chapter 1: Introduction

Key concepts including assurance, assessment, authorization
Reasons for change to the Risk Management Framework (RMF)
Key characteristics of security
Security controls

Chapter 2: Cybersecurity Policy Regulations and Framework

Evolution and interaction of security laws, policy, and regulations in cybersecurity
Accessing the correct documents for cybersecurity guidance
Assessment and Authorization transformation goals

Chapter 3: RMF Roles and Responsibilities

Tasks and responsibilities for RMF roles

Chapter 4: Risk Analysis Process

Four-step risk management process
Impact level
Level of risk
Effective risk management options

Chapter 5: Step 1: Categorize

Key documents in RMF process
Security Categorization
Information System Description
Information System Registration
Lab 1: Categorize a fictitious DoD agency information system

Chapter 6: Step 2: Select

Common Control Identification
Security Control Selection
Tailor security controls
Monitoring Strategy
Security Plan Approval
Lab 2: Select security controls for a fictitious DoD agency information system

Chapter 7: Step 3: Implement

Security Control Implementation
Security Control Documentation
Lab 3: Discuss and review decisions related to implementation of security controls

Chapter 8: Step 4: Assess

Assessment Preparation
Security Control Assessment
Security Assessment Report
Remediation Actions
Lab 4: Consult NIST SP 800-53A to determine appropriate assessment techniques for a fictitious DoD agency.

Chapter 9: Step 5: Authorize

Plan of Action and Milestones
Security Authorization Package
Risk Determination
Risk Acceptance
Lab 5: Practice compiling the documents that make up the Security Authorization Package

Chapter 10: Step 6: Monitor

Information System and Environment Changes
Patches
Ongoing Security Control Assessments
Ongoing Remediation Actions
Key Updates
Security Status Reporting
Ongoing Risk Determination and Acceptance
Information System Removal and Decommissioning
Lab 6: Identify vulnerabilities and deficiencies in the information system of a fictitious DoD agency and propose steps to remediate them.

Chapter 11: Risk Management Framework for DoD and the Intelligence Community

DoDI 8510.01
DFARS 252.204-7012
Security Control Structure
Evolution of Cybersecurity Policy
NIST: Computer Security Division
DoD Cybersecurity Policy Drivers
DIACAP to RMF
Transformation Goals
Control Selection
CNSSI-1253
RMF Integration with the SDLC
Important Federal Guidelines
DoD 8500 Cybersecurity Series
Roles and Responsibilities
Registering a DoD System
eMASS
Types of Authorizations
RMF Knowledge Service

To Hire a proven AMS DoD RMF Subject Matter Expert who teaches this class, Call 800-798-3901 Today!
