Study any time, from any device.

DoD Risk Management Framework (RMF) Boot Camp

Infosec’s DoD Risk Management Framework (RMF) Boot Camp is a 4-day course in which students delve into the DoD authorization process and gain an understanding of the Risk Management Framework.

Learn the DoD Risk Management Framework

Boot camp overview

Infosec offers the most in-depth course available for students looking to learn about the Risk Management Framework for DoD Information Technology. Risk Management Framework (RMF) describes the DoD process for identifying, implementing, assessing, and managing cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of Information Systems (IS) and Platform Information Technology (PIT) systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system lifecycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.

Skill up and get certified, guaranteed

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Course objectives

After completing Infosec’s DoD RMF Boot Camp, you will be able to:

  • Understand the Risk Management Framework for DoD IT Authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

Benefits and goals

This boot camp course blends lecture, discussion, and hands-on exercises to educate students on RMF methodology. Students will be prepared to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications.

The workshop covers transition from the DoD C&A process (DIACAP) to RMF and explains methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the DoD Instruction 8510.01 (RMF for DoD IT) into steps, tasks, outputs, and responsible entities and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.

Award-winning training that you can trust

Rising Star

Partner Award

G2 Crowd High Performer

Technical Skills Development Software

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee




Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Can’t get away for a week?

Learn cybersecurity on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 400+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 50+ learning paths

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

Find your boot camp

DoD RMF Boot Camp details

Legals and Regulatory Organizations

  • White House (Executive Orders)
  • OMB (Office of Management and Budget)
  • NIST (National Institute of Standards and Technology)
  • ODNI (Office of the Director of National Intelligence)
  • CNSS (Committee of National Security Systems)
  • DoD (Department of Defense)

Laws, Policies and Regulations

Integrated Organizational Wide Risk Management

System Development Life Cycle

  • Initiation
  • Development Acquisition
  • Implementation
  • Operation Maintenance
  • Disposition Disposal

RMF Key Roles and Responsibilities

  • Authorizing Official/DAA
  • AO Designated Representative
  • Chief Information Officer
  • Senior Agency Information Security Officer
  • Information System Owner
  • Information System Security Officer
  • Program Manager
  • Security Control Assessor
  • User Representative

RMF – Security Authorization

  • RMF Phase 1 – Categorize
    • Task 1 – Security Categorization
    • Task 2 – Information Systems Description
  • RMF Phase 2 – Select
    • Task 1 – Common Control Identification
    • Task 2 – Security Control Selection
    • Task 3 – Developing a Monitoring Strategy
    • Task 4 – Reviewing and Approving the SSP
  • RMF Phase 3 – Implement
    • Task 1 – Security Control Implementation
    • Task 2 – Security Control Documentation
  • RMF Phase 4 – Assess
    • Task 1 – Security Control Assessment Plan
    • Task 2 – Security Control Assessment
    • Task 3 – Security Assessment Report
    • Task 4 – Remediation Actions
  • RMF Phase 5 – Authorize
    • Task 1 – Developing a Plan of Actions and Milestones (POA&M)
    • Task 2 – Assembly of the Authorization Package
    • Task 3 – Determining Risk
    • Task 4 – Accepting Risk
  • RMF Phase 6 – Monitor
    • Task 1 – Monitoring Information System and Environment Changes
    • Task 2 – Ongoing Security Control Assessment
    • Task 3 – Ongoing Remediation Actions
    • Task 4 – Updating Security Documentation
    • Task 5 – Security Status Reporting
    • Task 6 – Ongoing Risk Determination and Acceptance
    • Task 7 – System Removal and Decommissioning

Risk Management Framework Review