DoD Risk Management Framework (RMF) Boot Camp
Infosec’s Risk Management Framework (RMF) Boot Camp is a four-day course in which you delve into the IT system authorization process and gain an understanding of the Risk Management Framework.
Master the Risk Management Framework
- 100% Satisfaction Guarantee
- Four days live, expert DoD RMF instruction (live online or in-person)
- Immediate access to Infosec Skills — including a bonus boot camp prep course — from the minute you enroll to 90 days after your boot camp
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Benefits and goals
This boot camp blends lecture, discussion and hands-on exercises to educate you about RMF methodology. You’ll leave prepared to implement the Risk Management Framework for your IT systems as prescribed in the updated NIST series of publications.
You’ll learn the RMF process and methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This boot camp breaks down the RMF into steps, tasks, outputs and responsible entities and includes informative lectures, discussions and exercises. These sessions will provide a functional understanding of cybersecurity and risk management and the proper selection, implementation and validation of the new security controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.
Training overview
Infosec offers the most in-depth course available for students looking to learn about the Risk Management Framework for information technology. The Risk Management Framework (RMF) describes the process for identifying, implementing, assessing and managing cybersecurity capabilities and services, expressed as security controls, and for authorizing the operation of information technology systems.
RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system life cycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.
What you'll learn
After completing Infosec’s DoD RMF Boot Camp, you will be able to:
- Understand the Risk Management Framework for the DoD IT authorization process
- Understand FISMA and NIST processes for authorizing Federal IT systems
- Explain key roles and responsibilities
- Explain statutory and regulatory requirements
- Apply these principles to real-world activities and situations
Who should attend
The Risk Management Framework (RMF) Boot Camp is meant for IT-focused employees and contractors and their supporting vendors and service providers.
DoD RMF training schedule
Infosec’s DoD RMF training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth DoD RMF prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
Legal and regulatory organizations
- White House (Executive Orders)
- NIST (National Institute of Standards and Technology)
- OMB (Office of Management and Budget)
- CNSS (Committee of National Security Systems)
Laws, policies and regulations
- Privacy Act
- Computer Fraud & Abuse Act (CFAA)
- Electronic Communications Privacy Act (ECPA)
- Computer Security Act
- Information Technology Management Reform Act
- Clinger-Cohen Act
- USA PATRIOT Act
- Federal Information Security Management Act (FISMA)
- Federal Information Security Modernization Act (FISMA)
- Other laws (GLBA, SOX, HIPAA, HITECH)
Integrated organization-wide risk management
- Categories of business risk
- Overview of risk management
- Risk management objectives
- Potential risk impacts
- Potential security impacts
- Risk assessment process
- Risk assessment steps
  - Prepare
  - Conduct
  - Report and communicate
  - Maintain
System development life cycle
RMF key roles and responsibilities
- Authorizing official/DAA
- AO designated representative
- Chief information officer
- Senior agency information security officer
- Information system owner
- Program manager
- Common control provider
- Information owner or steward
- Information system security manager
- Information system security officer
- Information security architect
- Information system security engineer
- Control assessor, aka third-party assessment organization (3PAO)
- System user
RMF phase overview
- Security authorization process
  - Organization level
  - System level
- Prepare
  - Risk management roles
  - Risk management strategy
  - Risk assessment — organization
  - Organizationally-tailored control baselines and cybersecurity framework profiles (optional)
  - Common control identification
  - Impact-level prioritization (optional)
  - Continuous monitoring strategy — organization
  - Mission or business focus
  - System stakeholders
  - Asset identification
  - Authorization boundary
  - Information types
  - Information life cycle
  - Risk assessment — system
  - Requirements definition
  - Enterprise architecture
  - Requirements allocation
  - System registration
- Categorization
  - System description
  - Security categorization
  - Security categorization review and approval
- Selection
  - Control selection
  - Control tailoring
  - Control allocation
  - Documentation of planned control implementations
  - Continuous monitoring strategy — system
  - Plan review and approval
- Implementation
  - Control implementation
  - Update control implementation information
- Assessment
  - Assessor selection
  - Assessment plan
  - Control assessments
  - Assessment reports
  - Remediation actions
  - Plan of action and milestones
- Authorization
  - Authorization package
  - Risk analysis and determination
  - Risk response
  - Authorization decision
  - Authorization reporting
- Monitoring
  - System and environment changes
  - Ongoing assessments
  - Ongoing risk response
  - Authorization package updates
  - Security and privacy reporting
  - Ongoing authorization
  - System disposal
After your boot camp
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.