IT1741: Risk Management Framework (RMF)

Course Length: 4 days - 5 days (32 hrs - 40 hrs)

Prerequisites: None

Format: Onsite, online

The Risk Management Framework (RMF) course covers FISMA requirements as they apply to conducting federal system authorization processes. Students are guided through the six-step RMF life cycle and the publications and guidance that support the six-step process.

In this course, you will gain a thorough understanding of the new DoD authorization process required by DoDI 8510.01, Risk Management Framework for DoD IT, 14 March 2014. That process is based on the new Committee on National Security Systems Instruction 1253 (CNSSI 1253), Security Categorization and Security Control Selection for National Security Systems (NSS), 27 March 2014, and on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

RMF is the latest in the evolution from the earlier DIACAP.

Course Outline:

1. Understand Security Authorization

2. RMF Step 1 - Categorize Information and Information System

3. RMF Step 2 - Select Security Controls

4. RMF Step 3 - Implement Security Controls

5. RMF Step 4 - Assess Security Controls

6. RMF Step 5 - Authorize Information System

7. RMF Step 6 - Monitor Security Controls

8. Appendices

Notes: Formerly IIUSA-621: Project Management – DIACAP. This is normally delivered as a 32-hour class, with an optional 8 additional hours for ISC2 CAP certification preparation.