InfoSec Institute offers the most in-depth course available for students looking to learn about the Risk Management Framework for DoD Information Technology. The Department of Defense has adopted and will transition to a new Cybersecurity Risk Management Framework (RMF) methodology [RDIT] as the replacement for DIACAP. The direction for this transformation comes from the latest set of both DoD and Committee for National Security Systems (CNSS) document replacements for DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. The RDIT is supported and complimented through a suite of standards and guidelines: National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.
DoD RMF Boot Camp – Course Description:
This intense Cybersecurity-based workshop blends lecture, discussion, and hands-on exercises to educate students on the new RDIT methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP), to the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the RDIT methodology (into steps, tasks, outputs, and responsible entities) and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the DIACAP Knowledge Service and complimented by NIST Special Publications.
- Understand the Risk Management Framework for DOD IT Authorization process
- Understand FISMA & NIST processes for authorizing Federal IT systems
- Explain key roles & responsibilities
- Explain statutory and regulatory requirements
- Apply these principles to real-world activities and situations