Risk Management Framework (RMF) (SEC-RMF)
About this course:
The Department of Defense is replacing its legacy Certification and Accreditation (C&A) processes with the Risk Management Framework (RMF) as a unified security framework. The federal Risk Management Framework is now used across the departments and agencies of the federal government, including the Department of Defense (DoD) and the Intelligence Community (IC). RMF is fundamental to the implementation of the Federal Information Security Management Act.
The transition from DIACAP to RMF in the Department of Defense has made the Federal Risk Management Framework (RMF) course especially beneficial for employees and contractors of the Department of Defense. The courseware for the Risk Management Framework (RMF) incorporates the publications and recommendations of the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS).
Virtual Instructor-Led Outline
- Define the important concepts: assurance, assessment, authorization
- List the three key characteristics of security
- List the reasons for the widespread change to the Risk Management Framework (RMF)
- Define security controls and list examples of the three classes of controls
- Describe the evolution and interaction of security laws, policy, and regulations in information security
- List the DoD IA policy drivers
- Access the correct documents for information assurance guidance
- Describe Assessment and Authorization transformation goals
- Understand and assign the correct roles in the RMF process for your organization
- Perform the responsibilities associated with your RMF role
- Identify the RMF roles of your colleagues
- Support and follow the four-step risk management process within your agency
- Understand the factors that produce the impact level (high, medium, low) of your information system
- Accurately quantify the level of risk to your information system
- Decide on the effective risk management options for your system
- Identify the six steps in the RMF process
- Produce or support the production of the key documents in the RMF process
- Categorize the security characteristics of confidentiality, integrity and availability for an information system as high, medium, or low
- Describe the information processed, stored and transmitted by your information system
- Register an information system
- Identify your information system's common controls
- Select the appropriate baseline controls for your information system
- Tailor security controls for your information system
- Supplement the baseline and tailored controls for your information system
- Develop and/or support a continuous monitoring strategy for your information system
- Allocate the appropriate security controls for your information system
- Implement the security controls for your information system
- Describe your information system in a functional manner appropriate for documentation in the security plan
- Use one or more of the three methods of assessment to assess your information system's security controls
- Prepare or support the preparation of the security assessment report documenting the issues, findings, and recommendations from the security control assessment
- Support the creation and completion of the plan of action and milestones (POAM) in accordance with your RMF role
- Describe the contents of the security authorization package
- Authorize or support the authorization of the information system
- State the level of acceptable risk for your information system
- Adhere to the correct procedures when a system is authorized to operate, given interim authorization, or not authorized to operate
- Manage, control and document changes to your information system and its environment of operation
- Implement the correct forms of patches when the situation calls for a patch
- Select or support the selection of the appropriate assessments
- State the characteristics of good performance measures and choose accordingly
- Report or react to the reporting of vulnerabilities and mitigation
- Decommission an information system using the most efficient of the four methods, based on the type of information captured, processed or stored by the information system
- Utilize information assurance tools such as eMASS to improve the A&A process
- Access the DIACAP Knowledge Service for up-to-date information on the risk management framework
- Understand the purpose and use of CyberScope
Learning Style: Virtual Classroom
Course Duration: 4 Days
Frequently Asked Questions About Virtual Instructor-Led Courses
I can't connect to my class, what are my options?
The link to the class is available upon logging in to your dashboard. If you are unable to see it, please contact our support team at 1-855-800-8240 and they will be happy to provide you with the direct link via email or the dial-in number.
I can't make it to class. Can I reschedule?
Yes, you can reschedule your class. Please contact your Sales representative and they will arrange this for you. If you forgot his/her name, feel free to contact our support team at firstname.lastname@example.org or 1-855-800-8240.
Will I get my certificate upon completion?
Yes. Upon completion of the course, it will be available on your course as a Trophy Icon for you to download. If you do not see this, you will need to contact email@example.com with the following details so they can email you the certificate: Class Name, Class Date, Account Rep, and Your Email.
I cannot connect to my lab. Help!
Your Lab is accessible on the bottom part of your course. You will see a button that says "LAB". Just click it to launch the lab. Please note that some classes don’t need/require a LAB. You can verify with our support team by calling them at 1-855-800-8240 or by email at firstname.lastname@example.org. You can also check with your Instructor or the Associate Instructor if your class includes one.
What is my access code for Skillpipe?
Not all of the classes have or require Skillpipe. If your class includes one, please check your email as you should have received one from email@example.com. In case you do not find it in your inbox, please check the Spam / Junk folder. For any further assistance, you can call support at 1-855-800-8240 or contact them via email at firstname.lastname@example.org.
I don't have audio. I can't hear the instructor.
Make sure you are using a compatible headset for your laptop or computer. If you don’t have a headset, you can use the built-in speaker of your laptop. Otherwise, you can use the dial-in option by calling the dial-in number provided in the class joining email. You may also contact the support team for the dial-in numbers associated with your training at 1-855-800-8240 or via email at email@example.com.
How can I reach student support?
Support can be reached via phone at 1-855-800-8240, via email at firstname.lastname@example.org, or via chat support through the chat button on our website. Please note that support office hours are 8am-5pm CST, Monday to Friday. Any concerns raised after office hours will be attended to the following business day.