Department of Defense Risk Management Framework Days of Training: 4 Course Description Risk Management Framework (RMF) is the unified information security framework for the entire Federal government that is replacing the legacy Certification and Accreditation (C&A) processes within Federal government departments and agencies, the Department of Defense (DoD) and the Intelligence Community (IC). DoD has officially begun its transition from legacy DIACAP processes to the new RMF for DOD process. Department of Defense Risk Management Framework enables practitioners to immediately apply the training to their daily work. Each activity in the Risk Management Framework is covered in detail, as is each component of the documentation package and the continuous monitoring process. DoDI 8510.01, NIST 800-53 Security Controls and NIST 800-53a Evaluation Procedures are also covered in detail. Class participation exercises reinforce key concepts. RMF is designed for those who need to become proficient in the nuts and bolts of FISMA RMF implementation. This course provides the practical knowledge you need, without being slanted in favor of a specific software tool set. Other Courses in the Series There are no other courses in this series. Outline Chapter 1: Introduction Key concepts including assurance, assessment, authorization’ Security controls: structure, types, families Key characteristics of security Chapter 2: Cybersecurity Policy Regulations and Framework Evolution and interaction of security laws, policy, and regulations in cybersecurity DoD cybersecurity drivers Cybersecurity guidance Assessment and authorization transformation goals Chapter 3: RMF Roles and Responsibilities Tasks and responsibilities for RMF roles Chapter 4: Risk Analysis Process Four-step risk management process Impact level Level of risk Chapter 5: Step 1: Categorize Key documents in RMF process Security Categorization Information System Description Information System Registration Lab 1: Categorize a fictitious DoD agency information system Chapter 6: Step 2: Select Common Control Identification Security Control Selection Monitoring Strategy Security Plan Approval Lab 2: Select security controls for a fictitious DoD agency information system Chapter 7: Step 3: Implement Security Control Implementation Security Control Documentation Lab 3: Discuss and review decisions related to implementation of security controls Chapter 8: Step 4: Assess Assessment Preparation Security Control Assessment Security Assessment Report Remediation Actions Lab 4: Consult NIST SP 800-53A to determine appropriate assessment techniques for a fictitious DoD agency. Chapter 9: Step 5: Authorize Plan of Action and Milestones Security Authorization Package Risk Determination Risk Acceptance Lab 5: Practice compiling the documents that make up the Security Authorization Package Chapter 10: Step 6: Monitor Information System and Environment Changes Ongoing Security Control Assessments Ongoing Remediation Actions Key Updates Security Status Reporting Ongoing Risk Determination and Acceptance Information System Removal and Decommissioning Lab 6: Identify vulnerabilities and deficiencies in the information system of a fictitious DoD agency and propose steps to remediate them. Chapter 11: Resources eMass RMF Knowledge Service CyberScope