Risk Management Framework (RMF) In-depth

RMF In-Depth enables practitioners to immediately apply the training to their daily work.  Each activity in the Risk Management Framework is covered in detail, as is each component of the documentation package and the continuous monitoring process.  NIST 800-53 Security Controls and NIST 800-53a Evaluation Procedures are also covered in detail.  "Class participation" exercises reinforce key concepts.  RMF In-Depth is designed for those who need to become proficient in the "nuts and bolts" of FISMA RMF implementation.  This course provides the practical knowledge you need, without being "slanted" in favor of a specific "software tool set."

Who should attend? System owners, administrators, developers, integrators, and Information Assurance staff who need a detailed working knowledge of FISMA, the RMF process (including Security Authorization or C&A), the NIST baseline security controls, documentation package, and/or continuous monitoring process.  RMF Fundamentals is strongly recommended as a predecessor to this course.

Course Duration: Three Days

Course Format: Lecture, discussion, and individual/group exercises

Course Content:

  • Introduction and Logistics
  • Review: Information Security, FISMA, C&A
  • RMF Roles and Responsibilities in detail
  • Risk Management Overview
  • RMF Implementation – NIST SP 800-37 / CNSSP 22
    • Step 1 – Categorize (FIPS 199 & NIST SP 800-60)
    • Step 2 – Select (NIST SP 800-53, CNSSI 1253)
    • Step 3 – Implement
    • Step 4 – Assess (NIST SP 800-53A)
    • Step 5 – Authorize
    • Step 6 – Monitor (NIST SP 800-137)
  • RMF documentation
    • System Security Plan (SSP) – NIST SP 800-18
    • Security Assessment Report
    • Risk Assessment – NIST SP 800-30
    • Plan of Action and Milestones
    • Transmittal and Decision Letters
    • Supporting Documentation
  • NIST 800-53 Security Controls
    • Management Controls
    • Operational Controls
    • Technical Controls
  • Security Control Assessment Methods
  • Resources
  • Security Tools
  • Practical Guidance
  • Case Study
  • Course Review
  • Course Evaluation / Q&A
  • RMF "Jeopardy"

Course Materials: Each student will receive a printed training manual and a CD or "flash drive" containing useful documents, templates and samples.

Cost: $1,500 per person (See special pricing below)

Special Pricing: A 10% discount will be given to trainees who register for the complete curriculum (RMF Fundamentals and RMF In-Depth) in the same training week.  The total cost for the full four day training experience is $1,935 ($650+$1,500-10%).

Payment Options: Payment by check or government/corporate/personal credit card accepted at time of registration.  SF 182 accepted from government agencies.  Purchase orders accepted from government and major corporations.

How to Register: For online registration and payment, visit the Online Registration System or click here to download the registration form for submission by FAX or email.