DOD RMF Training


The most in-depth course available for students needing to perform DoD Certification and Accreditation

DOD RMF (Risk Management Framework) Overview



InfoSec Institute offers the most in-depth course available for students looking to learn about the Risk Management Framework for DoD Information Technology. The Department of Defense has adopted and will transition to a new Cybersecurity Risk Management Framework (RMF) methodology [RDIT] as the replacement for DIACAP. The direction for this transformation comes from the latest set of both DoD and Committee for National Security Systems (CNSS) document replacements for DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. The RDIT is supported and complemented by a suite of standards and guidelines: National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.


DoD RMF Boot Camp – Course Description:

This intense Cybersecurity-based workshop blends lecture, discussion, and hands-on exercises to educate students on the new RDIT methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP) with the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the RDIT methodology (into steps, tasks, outputs, and responsible entities) and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the DIACAP Knowledge Service and complemented by NIST Special Publications.


  • Understand the Risk Management Framework for DOD IT Authorization process
  • Understand FISMA & NIST processes for authorizing Federal IT systems
  • Explain key roles & responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations


Course Topics

  • Introduction to RMF for DOD IT
  • Understanding the Military Security Authorization Process & History
  • Risk Management Framework
  • Categorization of Information System
  • Establishing the Security Control Baseline
  • Applying Security Controls
  • Assessing the Controls
  • Authorization of the Information System
  • Monitoring Security Controls
  • DOD adaptation of RMF
  • DODI 8510.01 
  • DODI 8500.01
  • CNSSI-1253, rev.2
  • Understand the Risk Management Approach to Security Authorization
  • Understand and Distinguish among the Risk Management Framework (RMF) Steps
  • Terms and Definitions
  • Define and Understand Roles and Responsibilities
  • Relationship between the RMF and SDLC
  • Legal, Regulatory, Guidance & Required Documents
  • Inter-related Security Authorization Processes
  • Ongoing Monitoring Strategies
  • RMF Step 1 - Categorization
  • Information System
  • System Security Plan
  • Categorize a System
  • National Security System
  • System Boundaries
  • Register System
  • RMF Step 2 – Establish the Security Control Baseline
  • Common Controls and Security Control Inheritance
  • Risk Assessment as part of the Risk Management Framework (RMF)
  • RMF Step 3 – Apply Security Controls
  • Implement Selected Security Controls
  • Tailoring of Security Controls
  • Document Security Control Implementation
  • RMF Step 4 – Assess Security Controls
  • Prepare for Security Control Assessment
  • Establish Security Control Assessment Plan (SAP)
  • Determine Security Control Effectiveness – Perform the Testing
  • Develop Initial Security Assessment Report (SAR)
  • Perform Initial Remediation Actions
  • Develop Final Security Assessment Report and Addendum
  • RMF Step 5 – Authorize Information System
  • Develop Plan of Action and Milestones (POAM)
  • Assemble Security Authorization Package
  • Determine Risk
  • Determine the Acceptability of Risk
  • Obtain Security Authorization Decision
  • RMF Step 6 – Monitor Security Controls
  • Determine Security Impact of Changes to System and Environment
  • Perform Ongoing Security Control Assessments
  • Conduct Ongoing Remediation Actions
  • Update Key Documentation
  • Perform Periodic Security Status Reporting
  • Perform Ongoing Risk Determination and Acceptance
  • Decommission and Remove System 










  • In-depth course content
  • Instructors are DOD RMF experienced
"...provides a very direct and focused review of and provides a framework for understanding how to approach the exam, unlike any other in the industry. "

Rob Carey
President, ISSA S.FL

Dates & Locations

  • Dulles, VA
  • Live Online
  • Any date: on-site training at your office

The best in the world come train with us

See what our students are saying

  • Ryan Argomaniz

    CISSP, Bank of America

    "test reflected the study materials well"

    "I think the amount of time was appropriate, the information was relevant and well-summarized, and the test reflected the study materials well. My instructor did a great job. My Training Sales Representative has also been very helpful and I am glad that he had taken a great interest to follow up during class with the students. I am very pleased with InfoSec Institute and the entire process."

  •   Rob Carey
    CISSP, President South Florida Chapter of ISSA

    "unlike any other in the industry"

    "This boot camp provides a very direct and focused review and provides a framework for understanding how to approach the exam, which is unlike any other in the industry. Provided that you follow their program closely, including advance study of the materials they provide as a part of their comprehensive package, this camp will be a week very well spent."

  • Kevin Boland

    Bentley Systems, Inc.

    "I never had a better instructor teach a class. I do mean ever."

    "The instructor was superb. I never had a better instructor teach a class. I do mean ever. He kept it entertaining as well as informational. He was able to apply theory along with real world examples. He stayed late to teach us on topics and discuss. He was truly top notch. ... I will be taking another class from your school in the future. Along with recommending my friends to your school"

  • "ability to make material interesting and fun is rare"

    "As I mentioned before-the instructor's ability to make material interesting and fun is rare. He truly motivates you to not only pass the certification but, to become an IT security "Jedi" & live by the warrior code."

DoD RMF Boot Camp Review By Mark Bunge, Manager Information Security at TransAmerica Life & Protection
Rating: 5 out of 5.
Good depth in the material, beyond my expectations.


Call (866)-471-0059 or fill out this short form for current pricing


Other Related Tools & Resources For Our Students

We believe in a commitment to your education. Our latest offering to the IT community has tutorials, videos, articles, white papers, and other resources and training materials that InfoSec Institute makes available for free. Below are some examples that relate to our IA classes. By reading these you should get a good idea of the types of skills you'll be learning in our courses.

InfoSec Institute has an excellent instructor and this is the best IT security class I have ever taken. His knowledge and method of teaching are unsurpassed.