
DoD Risk Management Framework (RMF) Boot Camp

Infosec’s Risk Management Framework (RMF) Boot Camp is a four-day course in which you delve into the IT system authorization process and gain an understanding of the Risk Management Framework.

Learn the DoD Risk Management Framework

Boot camp overview

Infosec offers the most in-depth course available for students looking to learn about the Risk Management Framework for information technology. The Risk Management Framework (RMF) describes the process for identifying, implementing, assessing and managing cybersecurity capabilities and services, expressed as security controls, and for authorizing the operation of information technology systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system life cycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.

Skill up and get certified, guaranteed

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included

  • Four days of training with an expert instructor
  • Infosec digital courseware (physical textbooks available to purchase)
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (add-on)
  • 100% Satisfaction Guarantee

Course objectives

After completing Infosec’s DoD RMF Boot Camp, you will be able to:

  • Understand the Risk Management Framework for DoD IT authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

Award-winning training that you can trust

  • Rising Star: Partner Award
  • G2 Crowd Leader: Technical Skills Development Software
  • Gold Winner: Best Cybersecurity Education Provider
  • Publisher's Choice: Security Training for Infosec Professionals
  • Top 20 Company: IT Training

Benefits and goals

This boot camp blends lecture, discussion and hands-on exercises to educate you about RMF methodology. You’ll leave prepared to implement the Risk Management Framework for your IT systems as prescribed in the updated NIST series of publications.

You’ll learn the RMF process and methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This boot camp breaks down the RMF into steps, tasks, outputs and responsible entities and includes informative lectures, discussions and exercises. These sessions will provide a functional understanding of cybersecurity and risk management and the proper selection, implementation and validation of the new security controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.

Who should attend?

The Risk Management Framework (RMF) Boot Camp is meant for IT-focused employees and contractors and their supporting vendors and service providers.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee




Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Can’t get away for a week?

Learn cybersecurity on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 400+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 50+ learning paths

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency


DoD RMF Boot Camp details

Legal and regulatory organizations

  • White House (Executive Orders)
  • NIST (National Institute of Standards and Technology)
  • OMB (Office of Management and Budget)
  • CNSS (Committee on National Security Systems)

Other related references

  • ODNI (Office of the Director of National Intelligence)
  • DoD (Department of Defense)
  • Laws, policies and regulations
  • Integrated organization-wide risk management

System development life cycle

RMF key roles and responsibilities

  • Authorizing official/DAA
  • AO designated representative
  • Chief information officer
  • Senior agency information security officer
  • Information system owner
  • Information system security officer
  • Program manager
  • Security control assessor
  • User representative

RMF – Security authorization

  • RMF phase 1 – Categorize
    • Task 1 – Security categorization
    • Task 2 – Information systems description
  • RMF phase 2 – Select
    • Task 1 – Common control identification
    • Task 2 – Security control selection
    • Task 3 – Developing a monitoring strategy
    • Task 4 – Reviewing and approving the SSP
  • RMF phase 3 – Implement
    • Task 1 – Security control implementation
    • Task 2 – Security control documentation
  • RMF phase 4 – Assess
    • Task 1 – Security control assessment plan
    • Task 2 – Security control assessment
    • Task 3 – Security assessment report
    • Task 4 – Remediation actions
  • RMF phase 5 – Authorize
    • Task 1 – Developing a Plan of Actions and Milestones (POA&M)
    • Task 2 – Assembly of the authorization package
    • Task 3 – Determining risk
    • Task 4 – Accepting risk
  • RMF phase 6 – Monitor
    • Task 1 – Monitoring information system and environment changes
    • Task 2 – Ongoing security control assessment
    • Task 3 – Ongoing remediation actions
    • Task 4 – Updating security documentation
    • Task 5 – Security status reporting
    • Task 6 – Ongoing risk determination and acceptance
    • Task 7 – System removal and decommissioning

Risk Management Framework review