Next boot camp starts soon. Enroll now.

DoD Risk Management Framework (RMF) Boot Camp

Transform your career in 4 days

Our training is designed to provide an in-depth, comprehensive understanding of RMF that gives you the skills and knowledge to run successful programs in your organization or your professional offerings. The four-day Risk Management Framework (RMF) Boot Camp delves into the IT system authorization process so you gain an understanding of the RMF, key roles, responsibilities and regulatory requirements.

4.7 (187 ratings)

Course essentials

Boot camp at a glance

  • Method

    Live online, in-person or team onsite

  • Duration

    4 days

  • Experience

    1-3 years

  • Average salary


What you'll learn

Training overview

With our blend of lectures, discussions and hands-on exercises, you’ll learn the RMF process and methodology for categorizing information systems, selecting and implementing applicable security controls and establishing a continuous monitoring program. Through this boot camp, you gain the skills to:

  • Understand the Risk Management Framework for DoD IT authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

By the end of the Risk Management Framework training, you have the confidence and skills to provide a systematic and structured approach to identify, assess, mitigate and manage organizational risks. You have the know-how to prioritize resources, comply with regulations, make informed decisions and continually improve risk management practices. These highly sought skills make you an invaluable asset to any organization.

Award-winning training you can trust

What's included

Everything you need to know

  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path

Before your boot camp


There are no prerequisites for this course, but it is beneficial to have a basic understanding of information security concepts and familiarity with compliance and regulatory requirements and topics, such as confidentiality, integrity, availability, risk assessment and vulnerability management. IT or cybersecurity experience is recommended.


Training schedule

Preparation (before the boot camp starts)

RMF prep course

Day 1
Morning session


Legal and regulatory organizations

  • White House (Executive Orders)
  • NIST (National Institute of Standards and Technology)
  • OMB (Office of Management and Budget)
  • CNSS (Committee of National Security Systems)
Afternoon session

Legal and regulatory organizations continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

Laws, policies and regulations

  • Privacy Act
  • Computer Fraud & Abuse Act (CFAA)
  • Electronic Communications Privacy Act (ECPA)
  • Computer Security Act
  • Information Technology Management Reform Act
  • Clinger-Cohen Act
  • Federal Information Security Management Act (FISMA)
  • Federal Information Security Modernization Act (FISMA)
  • Other laws (GLBA, SOX, HIPAA, HITECH)
Afternoon session

Laws, policies and regulations continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 3
Morning session

Integrated organizational-wide risk management

  • Categories of business risk
  • Overview of risk management
  • Risk management objectives
  • Potential risk impacts
  • Potential security impacts
  • Risk assessment process
  • Risk assessment steps
Afternoon session

System development life cycle

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 4
Morning session

RMF key roles and responsibilities

Afternoon session

RMF phase overview

  • Security authorization process
  • Prepare
  • Categorization
  • Implementation
  • Assessment
  • Authorization
  • Monitoring

Schedule may vary from class to class

Guaranteed results

Our boot camp guarantees

100% Satisfaction Guarantee

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.


Frequently asked questions

What is the DoD RMF?

The DoD RMF replaced the previous DoD Information Assurance Certification and Accreditation Process (DIACAP). This was done for a variety of reasons, including having a standardized information assurance language across the federal government, improved risk management, and more.

As NIST explains, RMF “provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle.”

How much does it cost to become DoD RMF trained?

DoD Risk Management Framework training advances your career and earning potential. Knowing how to implement the RMF for your IT systems as prescribed in NIST publications is a valuable skill you can acquire quickly through immersive training. To see the most up-to-date pricing, see our RMF training pricing form.

What are the requirements for RMF assess only?

“Assess only” typically refers to a specific role or responsibility within the framework. The assess only role conducts security assessments and evaluates the effectiveness of security controls but does not implement or manage the controls. These roles vary based on the organization, the complexity of the system being assessed and the specific objectives of the assessment.

Common requirements for individuals in an assess only role may include familiarity with the various steps of the RMF, a strong background in security assessment methodologies and techniques, proficiency in the technical aspects and ability to identify and assess risks and knowledge of compliance and applicable laws.

You're in good company


I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.

Michelle Jemmott, Pentagon


The instructor was able to take material that prior to the class had made no sense and explained it in real-world scenarios that were able to be understood.

Erik Heiss, United States Air Force


I was blown away by Infosec! The instructor's strategic delivery of information ensured that everyone understood the concepts. I'd jump at the chance to take another class or certification prep course with them!

Sylvia Swinson, Texeltek

Enroll in a boot camp

  • July 11, 2023 - July 14, 2023

    Dulles, Virginia | Available online

  • September 25, 2023 - September 28, 2023

    Online only

  • November 13, 2023 - November 16, 2023

    Online only

  • February 12, 2024 - February 15, 2024

    Online only