DoD Risk Management Framework (RMF) Boot Camp

Transform your career in 4 days

Our training is designed to provide an in-depth, comprehensive understanding of RMF that gives you the skills and knowledge to run successful programs in your organization or your professional offerings. The four-day Risk Management Framework (RMF) Boot Camp delves into the IT system authorization process so you gain an understanding of the RMF, key roles, responsibilities and regulatory requirements.

4.7 (187 ratings)

Affirm Financing available
100% Satisfaction Guarantee Logo

Course essentials

Boot camp at a glance

  • Method

    Live online, in-person, team onsite

  • Duration

    4 days

  • Experience

    1-3 years of experience

  • Average salary


What you'll learn

Training overview

With our blend of lectures, discussions and hands-on exercises, you’ll learn the RMF process and methodology for categorizing information systems, selecting and implementing applicable security controls and establishing a continuous monitoring program. Through this boot camp, you gain the skills to:

  • Understand the Risk Management Framework for DoD IT authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

By the end of the Risk Management Framework training, you have the confidence and skills to provide a systematic and structured approach to identify, assess, mitigate and manage organizational risks. You have the know-how to prioritize resources, comply with regulations, make informed decisions and continually improve risk management practices. These highly sought skills make you an invaluable asset to any organization.

Who should attend

Who Should Attend Image

The Risk Management Framework (RMF) Boot Camp is meant for IT-focused employees and contractors and their supporting vendors and service providers. Here's what each role can gain from attending:

  • IT professionals
  • Risk managers
  • Compliance officers
  • Project managers
  • Executive management:
  • Auditors and inspectors
  • Legal and compliance teams

By attending RMF training, participants from these roles gain invaluable knowledge to take their expertise to the next level.

Award-winning training you can trust

Ready to discuss your training goals? We've got you covered.

Complete the form and book a meeting with a member of our team to explore your learning opportunities.

This is where the error message would go.

Step 1


Thanks! We look forward to meeting with you!

What's included

Everything you need to know

 Certification Logo
  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path

What makes the Infosec RMF prep course different?

You can rest assured that the RMF training materials are fully updated and synced with the latest version of the exam. In addition, you’ll gain access to the prep course the moment you enroll, so you can prepare for and get the most out of your boot camp.


With 20 years of training experience, we stand by our RMF training with 100% satisfaction guaranteed. This means if you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Before your boot camp


There are no prerequisites for this course, but it is beneficial to have a basic understanding of information security concepts and familiarity with compliance and regulatory requirements and topics, such as confidentiality, integrity, availability, risk assessment and vulnerability management. IT or cybersecurity experience is recommended.


Training schedule

Preparation (before the boot camp starts)
Infosec Skills 90 day subscription logo

RMF prep course

Day 1
Morning session


Legal and regulatory organizations

  • White House (Executive Orders)
  • NIST (National Institute of Standards and Technology)
  • OMB (Office of Management and Budget)
  • CNSS (Committee of National Security Systems)
Afternoon session

Legal and regulatory organizations continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

Laws, policies and regulations

  • Privacy Act
  • Computer Fraud & Abuse Act (CFAA)
  • Electronic Communications Privacy Act (ECPA)
  • Computer Security Act
  • Information Technology Management Reform Act
  • Clinger-Cohen Act
  • Federal Information Security Management Act (FISMA)
  • Federal Information Security Modernization Act (FISMA)
  • Other laws (GLBA, SOX, HIPAA, HITECH)
Afternoon session

Laws, policies and regulations continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 3
Morning session

Integrated organizational-wide risk management

  • Categories of business risk
  • Overview of risk management
  • Risk management objectives
  • Potential risk impacts
  • Potential security impacts
  • Risk assessment process
  • Risk assessment steps
Afternoon session

System development life cycle

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 4
Morning session

RMF key roles and responsibilities

Afternoon session

RMF phase overview

  • Security authorization process
  • Prepare
  • Categorization
  • Implementation
  • Assessment
  • Authorization
  • Monitoring

Schedule may vary from class to class

What's next?

After you finish the Risk Management Framework training

What's Next Image

After completing the course, take additional time to get a head start on earning a certification or start earning CPEs. 

Our boot camps are well-crafted to prepare you for the challenges of risk management and ensure more marketable skills. Your Infosec Skills access extends 90 days past your boot camp, so you can revisit courses on video and shore up areas where you want to learn more.


Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Career Opportunities

What are the career opportunities like for RMF certified professionals?

The DoD Risk Management Framework knowledge opens career opportunities, as it’s crucial to many IT and security roles related to the DoD. Common job titles and roles held by professionals with this training include:

  • Information security manager
  • Compliance officer
  • Risk management auditor 
  • Governance, risk and compliance (GRC) specialist

The demand for risk managers is growing as organizations better recognize the need for proactive measures. Focus is now on the evolving risk landscape, regulations requirements, financial protection concerns and the desire to build risk-aware cultures, which gives well-trained professionals a competitive advantage. Those with strong risk management skills, industry-specific knowledge and the ability to navigate complex risks have promising career prospects.

What job titles are most common for people with RMF certification?

Some common positions that this certification can help you land include:

  • Risk manager icon

    Risk manager

  • Chief risk officer (CRO) icon

    Chief risk officer (CRO)

  • Risk analyst icon

    Risk analyst

  • Compliance auditor icon

    Compliance auditor

Average Salary

CompTIA’s RMF certification salary expectations

Because job titles in the field vary widely, so do expected salaries. However, the average salary for an RMF-focused cybersecurity analyst is $88,282, according to Glassdoor. Salaries change based on location and experience, but education and training play a big role in increasing earning potential.

Guaranteed results

Our boot camp guarantees

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.


Frequently asked questions

What is the DoD RMF?

The DoD RMF replaced the previous DoD Information Assurance Certification and Accreditation Process (DIACAP). This was done for a variety of reasons, including having a standardized information assurance language across the federal government, improved risk management, and more.

As NIST explains, RMF “provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle.”

How much does it cost to become DoD RMF trained?
DoD Risk Management Framework training advances your career and earning potential. Knowing how to implement the RMF for your IT systems as prescribed in NIST publications is a valuable skill you can acquire quickly through immersive training. To see the most up-to-date pricing, see our RMF training pricing form.
What are the requirements for RMF assess only?

"Assess only" typically refers to a specific role or responsibility within the framework. The assess only role conducts security assessments and evaluates the effectiveness of security controls but does not implement or manage the controls. These roles vary based on the organization, the complexity of the system being assessed and the specific objectives of the assessment.

Common requirements for individuals in an assess only role may include familiarity with the various steps of the RMF, a strong background in security assessment methodologies and techniques, proficiency in the technical aspects and ability to identify and assess risks and knowledge of compliance and applicable laws.

You’re in Good Company


I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.

Michelle Jemmott, Pentagon

The instructor was able to take material that prior to the class had made no sense and explained it in real-world scenarios that were able to be understood.

Erik Heiss, United States Air Force

I was blown away by Infosec! The instructor's strategic delivery of information ensured that everyone understood the concepts. I'd jump at the chance to take another class or certification prep course with them!

Sylvia Swinson, Texeltek

Enroll in a boot camp

September 23, 2024 - September 26, 2024

Online only | Start time: 8:30 AM (CST)

November 11, 2024 - November 14, 2024

Online only | Start time: 8:30 AM (CST)

February 10, 2025 - February 13, 2025

Online only | Start time: 8:30 AM (CST)

July 22, 2025 - July 25, 2025

Online only | Start time: 8:30 AM (CST)