Federal Risk Management Framework (RMF) Implementation 4.0 focuses on the Risk Management Framework prescribed by NIST standards. The course can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) certification.

Learning Objectives

  • Cybersecurity Policy Regulations and Framework
  • RMF Roles and Responsibilities
  • Risk Analysis Process
  • Step 1: Categorize
  • Step 2: Select
  • Step 3: Implement
  • Step 4: Assess
  • Step 5: Authorize
  • Step 6: Monitor

Prerequisites

Recommended

  • Knowledge and experience with information security systems and best practices
  • There are no requirements for this course

Who Should Go For This Training?

  • Those interested in Federal Risk Management Framework (RMF) Implementation
  • Those interested in obtaining the ISC2 Certified Authorization Professional (CAP) certification

Course Outline

  1. Introduction
    1. RMF overview
    2. Key concepts including assurance, assessment, authorization
    3. Security controls
  2. Cybersecurity Policy Regulations and Framework
    1. Security laws, policy, and regulations
    2. Documents for cybersecurity guidance
    3. Assessment and Authorization transformation goals
  3. RMF Roles and Responsibilities
    1. Tasks and responsibilities for RMF roles
  4. Risk Analysis Process
    1. Four-step risk management process
    2. Impact level
    3. Level of risk
    4. Effective risk management options
  5. Step 1: Categorize
    1. Step 1 key references
    2. Sample SSP
    3. Task 1-1: Security Categorization
    4. Task 1-2: Information System Description
    5. Task 1-3: Information System Registration
    6. Lab Step 1: Categorize
  6. Step 2: Select
    1. Step 2 key references
    2. Task 2-1: Common Control Identification
    3. Task 2-2: Select Security Controls
    4. Task 2-3: Monitoring Strategy
    5. Task 2-4: Security Plan Approval
    6. Lab Step 2: Select Security Controls
  7. Step 3: Implement
    1. Step 3 key references
    2. Task 3-1: Security Control Implementation
    3. Task 3-2: Security Control Documentation
    4. Lab Step 3: Implement Security Controls
  8. Step 4: Assess
    1. Step 4 key references
    2. Task 4-1: Assessment Preparation
    3. Task 4-2: Security Control Assessment
    4. Task 4-3: Security Assessment Report
    5. Task 4-4: Remediation Actions
    6. Lab Step 4: Assessment Preparation
  9. Step 5: Authorize
    1. Step 5 key references
    2. Task 5-1: Plan of Action and Milestones
    3. Task 5-2: Security Authorization Package
    4. Task 5-3: Risk Determination
    5. Task 5-4: Risk Acceptance
    6. Step 5: Authorizing Information Systems
  10. Step 6: Monitor
    1. Step 6 key references
    2. Task 6-1: Information System and Environment Changes
    3. Task 6-2: Ongoing Security Control Assessments
    4. Task 6-3: Ongoing Remediation Actions
    5. Task 6-4: Key Updates
    6. Task 6-5: Security Status Reporting
    7. Task 6-6: Ongoing Risk Determination and Acceptance
    8. Task 6-7: Information System Removal and Decommissioning
    9. Continuous Monitoring
    10. Security Automation Domains
    11. Lab Step 6: Monitoring Security Controls