DoD Risk Management Framework (RMF) Boot Camp

Infosec’s DoD Risk Management Framework (RMF) Boot Camp is a 4-day course in which students delve into the DoD authorization process and gain an understanding of the Risk Management Framework.

Award Winning Training

For 17 years InfoSec has been one of the most awarded and trusted information security training vendors - 42 industry awards!

Analyst Recommended

IDC lists Infosec as Major Player in their Security Training Vendor Assessment.

DoD RMF Course Overview

Infosec offers the most in-depth course available for students looking to learn about the Risk Management Framework for DoD Information Technology. Risk Management Framework (RMF) describes the DoD process for identifying, implementing, assessing, and managing cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of Information Systems (IS) and Platform Information Technology (PIT) systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system lifecycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.


After completing the Infosec’s DoD RMF Boot Camp, participants will be able to:

  • Understand the Risk Management Framework for DoD IT Authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

DoD RMF Boot Camp

Rated 5/5 based on 1 customer review

Benefits and Goals

This boot camp course blends lecture, discussion, and hands-on exercises to educate students on RMF methodology. Students will be prepared to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop covers transition from the DoD C&A process (DIACAP) to RMF and explains methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the DoD Instruction 8510.01 (RMF for DoD IT) into steps, tasks, outputs, and responsible entities and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.

Award-winning training that you can trust.

High Performer

Technical Skills Development Software

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

View Pricing

We will never share any of your information, spam you or annoy you with pushy sales pitches.

Our Major Clients

Course Topics

    • Legals and Regulatory Organizations
      • White House (Executive Orders)
      • OMB (Office of Management and Budget)
      • NIST (National Institute of Standards and Technology)
      • ODNI (Office of the Director of National Intelligence)
      • CNSS (Committee of National Security Systems)
      • DoD (Department of Defense)
    • Laws, Policies and Regulations
    • Integrated Organizational Wide Risk Management
    • System Development Life Cycle
      • Initiation
      • Development Acquisition
      • Implementation
      • Operation Maintenance
      • Disposition Disposal
    • RMF Key Roles and Responsibilities
      • Authorizing Official/DAA
      • AO Designated Representative
      • Chief Information Officer
      • Senior Agency Information Security Officer
      • Information System Owner
      • Information System Security Officer
      • Program Manager
      • Security Control Assessor
      • User Representative
    • RMF – Security Authorization
      • RMF Phase 1 – Categorize
        • Task 1 – Security Categorization
        • Task 2 – Information Systems Description
      • RMF Phase 2 – Select
        • Task 1 – Common Control Identification
        • Task 2 – Security Control Selection
        • Task 3 – Developing a Monitoring Strategy
        • Task 4 – Reviewing and Approving the SSP
      • RMF Phase 3 – Implement
        • Task 1 – Security Control Implementation
        • Task 2 – Security Control Documentation
      • RMF Phase 4 – Assess
        • Task 1 – Security Control Assessment Plan
        • Task 2 – Security Control Assessment
        • Task 3 – Security Assessment Report
        • Task 4 – Remediation Actions
      • RMF Phase 5 – Authorize
        • Task 1 – Developing a Plan of Actions and Milestones (POA&M)
        • Task 2 – Assembly of the Authorization Package
        • Task 3 – Determining Risk
        • Task 4 – Accepting Risk
      • RMF Phase 6 – Monitor
        • Task 1 – Monitoring Information System and Environment Changes
        • Task 2 – Ongoing Security Control Assessment
        • Task 3 – Ongoing Remediation Actions
        • Task 4 – Updating Security Documentation
        • Task 5 – Security Status Reporting
        • Task 6 – Ongoing Risk Determination and Acceptance
        • Task 7 – System Removal and Decommissioning
    • Risk Management Framework Review

    What Our Students Are Saying

    Without any question, InfoSec has the most gifted individual instructors. Our instructor for this class was both an excellent educator and a premier/world class security expert. He was able to clearly explain and impart to the students, the most complicated security techniques I have ever heard of or imagined. I simply can not find the words to recommend him and Infosec security training more highly.

    John Hollan GE

    Advanced Ethical Hacking Training Boot Camp

    Book your course

      Career Tracks

      • Information Assurance Track

        The IA track goes through all aspects of Information Assurance. Our goals with this set of courses is to create the most complete Security Manager an organization could wish for.
      • Security Pro Track

        The Security Pro Track goes through all aspects of Information Security. Our goals with this set of courses is to create the most complete Security Specialist an organization could wish for.
      Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
      View instant course pricing