DoD Risk Management Framework (RMF) Boot Camp

Infosec’s Risk Management Framework (RMF) Boot Camp is a four-day course in which you delve into the IT system authorization process and gain an understanding of the Risk Management Framework.

★★★★☆

4.7

(187 ratings)

Master the Risk Management Framework

100% Satisfaction Guarantee
Four days of live, expert DoD RMF instruction
Free annual Infosec Skills subscription ($599 value!)
1-year access to all boot camp video replays and materials
Knowledge Transfer Guarantee

Benefits and goals

This boot camp blends lecture, discussion and hands-on exercises to educate you about RMF methodology. You’ll leave prepared to implement the Risk Management Framework for your IT systems as prescribed in the updated NIST series of publications.

You’ll learn the RMF process and methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This boot camp breaks down the RMF into steps, tasks, outputs and responsible entities and includes informative lectures, discussions and exercises. These sessions will provide a functional understanding of cybersecurity and risk management and the proper selection, implementation and validation of the new security controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.

View full course schedule

Training overview

Infosec offers the most in-depth course available for students looking to learn about the Risk Management Framework for information technology. Risk Management Framework (RMF) describes the process for identifying, implementing, assessing and managing cybersecurity capabilities and services, expressed as security controls and authorizing the operation of information technology systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system life cycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.

What you'll learn

After completing Infosec’s DoD RMF Boot Camp, you will be able to:

Understand the Risk Management Framework for DoD IT authorization process
Understand FISMA and NIST processes for authorizing Federal IT systems
Explain key roles and responsibilities
Explain statutory and regulatory requirements
Apply these principles to real-world activities and situations

Who should attend

The Risk Management Framework (RMF) Boot Camp is meant for IT-focused employees and contractors and their supporting vendors and service providers.

Everything you need to learn the Risk Management Framework

100% Satisfaction Guarantee
Four days of live, expert DoD RMF instruction
Free annual Infosec Skills subscription ($599 value!)
1-year access to all boot camp video replays and materials
Knowledge Transfer Guarantee

View Pricing

DoD RMF training schedule

Infosec’s DoD RMF training is more than just a boot camp. We support you before, during and after your live training.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth DoD RMF prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Legal and regulatory organizations
  
  White House (Executive Orders)
  
  NIST (National Institute of Standards and Technology)
  
  OMB (Office of Management and Budget)
  
  CNSS (Committee of National Security Systems)
  
  Laws, policies and regulations
  
  Privacy Act
  
  Computer Fraud & Abuse Act (CFAA)
  
  Electronic Communications Privacy Act (ECPA)
  
  Computer Security Act
  
  Information Technology Management Reform Act
  
  Clinger-Cohen Act
  
  USA PATRIOT ACT
  
  Federal Information Security Management Act (FISMA)
  
  Federal Information Security Modernization Act (FISMA)
  
  Other laws (GLBA, SOX, HIPAA, HITECH)
  
  Integrated organizational-wide risk management
  
  Categories of business risk
  
  Overview of risk management
  
  Risk management objectives
  
  Potential risk impacts
  
  Potential security impacts
  
  Risk assessment process
  
  Risk assessment steps
  
  Prepare
  
  Conduct
  
  Report and communicate
  
  Maintain
  
  System development life cycle
  
  RMF key roles and responsibilities
  
  Authorizing official/DAA
  
  AO designated representative
  
  Chief information officer
  
  Senior agency information security officer
  
  Information system owner
  
  Program manager
  
  Common control provider
  
  Information owner or steward
  
  Information system security manager
  
  Information system security officer
  
  Information security architect
  
  Information system security engineer
  
  Control assessor, aka third-party assessment organization (3PAO)
  
  System user
  
  RMF phase overview
  
  Security authorization process
  
  Organization level
  
  System level
  
  Prepare
  
  Risk management roles
  
  Risk management strategy
  
  Risk assessment — organization
  
  Organizationally-tailored control baselines and cybersecurity framework profiles (optional)
  
  Common control identification
  
  Impact-level prioritization (optional)
  
  Continuous monitoring strategy — organization
  
  Mission or business focus
  
  System stakeholders
  
  Asset identification
  
  Authorization boundary
  
  Information types
  
  Information life cycle
  
  Risk assessment — system
  
  Requirements definition
  
  Enterprise architecture
  
  Requirements allocation
  
  System registration
  
  Categorization
  
  System description
  
  Security categorization
  
  Security categorization review and approval
  
  Selection
  
  Control selection
  
  Control tailoring
  
  Control allocation
  
  Documentation of planned control implementations
  
  Continuous monitoring strategy — system
  
  Plan review and approval
  
  Implementation
  
  Control implementation
  
  Update control implementation information
  
  Assessment
  
  Assessor selection
  
  Assessment plan
  
  Control assessments
  
  Assessment reports
  
  Remediation actions
  
  Plan of action and milestones
  
  Authorization
  
  Authorization package
  
  Risk analysis and determination
  
  Risk response
  
  Authorization decision
  
  Authorization reporting
  
  Monitoring
  
  System and environment changes
  
  Ongoing assessments
  
  Ongoing risk response
  
  Authorization package updates
  
  Security and privacy reporting
  
  Ongoing authorization
  
  System disposal
After your boot camp
- Your boot camp includes a 1-year subscription to Infosec Skills, so you can get a head start on your next certification goal or start earning CPEs.

Free DoD RMF training resources

Risk management and understanding what matters most

Liz Mann, head of the Life Sciences and Health sectors, Americas Cybersecurity, EY Advisory, discusses her role at EY, the importance of diverse perspectives around risk management, and her work encouraging young women to enter the cybersecurity workforce.

Listen Now

DoD RMF and Security Risk Management Salaries

Within the Department of Defense, security managers are essential for helping implement the new Risk Management Framework (RMF), a crucial update in the way threats to the United States are assessed and mitigated. Read more for salary projections.

Learn More

DoD RMF Revision 2: New updates and their impact on cybersecurity

With the publication of this revision, the NIST has taken its first step towards providing security and risk management with an integrated and flexible methodology. In this post, you’ll learn about these new updates and their impact.