BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). DoD officially began its transition from the legacy DIACAP process to the new “RMF for DoD IT” process.
This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam, although it does not cover 100% of the CAP exam requirements. If your goal is primarily to prepare for the CAP Exam, you should use our course, Federal Risk Management Framework (RMF) 2.0 Implementation with CAP Exam Review.
This course is current as of March 2019. It was revised due to NIST producing new and updated publications over the preceding two years, including SP 800-37, rev. 2; SP-800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 among others. It was also revised due to additional DoD updates to DODI 8510.01. D
The course comes with a disk of reference materials including sample documents, NIST publications, and regulatory documents. Downloadable ancillary materials include a study guide and a References and Policies handout. Instructors will also be given access to an exam with answer key.
Schedule
Federal Risk Management Framework (RMF) 2.0 Training Certification
date
location
price
Not seeing a good fit?
Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.
Learn more about custom training
Course Objectives
- Understand the Risk Management Framework for DoD IT Authorization process
- Understand FISMA and NIST processes for authorizing Federal IT systems
- Explain key roles and responsibilities
- Explain statutory and regulatory requirements
- Apply these principles to real-world activities and situations
Course Outline
Introduction
- RMF overview
- DoD- and IC- Specific Guidelines
- Key concepts including assurance, assessment, authorization
- Security controls
Cybersecurity Policy Regulations & Framework
- Security laws, policy, and regulations
- DIACAP to RMF
- System Development Life Cycle (SLDC)
- Documents for cyber security guidance
RMF Roles and Responsibilities
- Tasks and responsibilities for RMF roles
Risk Analysis Process
- Overview of risk management
- Four-step risk management process
- Tasks breakdown
- Risk assessment reporting and options
Step 1 – Categorize
- Step key references and overview
- Sample SSP
- Task 1-1: Security Categorization
- Task 1-2: Information System Description
- Task 1-3: Information System Registration
- Lab: The Security Awareness Agency
Step 2 – Select
- Step key references and overview
- Task 2-1: Common Control Identification
- Task 2-2: Select Security Controls
- Task 2-3: Monitoring Strategy
- Task 2-4: Security Plan Approval
- Lab: Select Security Controls
Step 3 – Implement
- Step key references and overview
- Task 3-1: Security Control Implementation
- Task 3.2: Security Control Documentation
- Lab: Security Control Implementation
Step 4 – Assess
- Step key references and overview
- Task 4-1: Assessment Preparation
- Task 4-2: Security Control Assessment
- Task 4-3: Security Assessment Report
- Task 4-4: Remediation Actions
- Task 4-5: Final Assessment Report
- Lab: Assessment Preparation
Step 5 – Authorize
- Step key references and overview
- Task 5-1: Plan of Action and Milestones
- Task 5-2: Security Authorization Package
- Task 5-3: Risk Determination
- Task 5-4: Risk Acceptance DoD Considerations
- Lab Step 5: Authorize Information Systems
Step 6 – Monitor
- Step key references and overview
- Task 6-1: Information System & Environment Changes
- Task 6-2: Ongoing Security Control Assessments
- Task 6-3: Ongoing Remediation Actions
- Task 6-4: Key Updates
- Task 6-5: Security Status Reporting
- Task 6-6: Ongoing Risk Determination & Acceptance
- Task 6-7: Information System Removal & Decommissioning
- Continuous Monitoring
- Security Automation Domains
- Lab: Info System & Environment Changes
DoD/IC RMF Implementation
- eMASS
- RMF Knowledge Service
- DoD/IC Specific Documentation
- RMF within DoD and IC process review
RMF Training FAQs
This course is designed for system owners, administrators, developers, integrators, and information assurance staff who need to understand
FISMA, RMF process (including Security Authorization or A&A), NIST baseline security controls, documentation package, and continuous monitoring process.
Students should have knowledge and experience with information security systems and best practices.
Federal Risk Management Framework (RMF) 2.0 Training Certification Resources
-
Blog Post
The Benefits of Earning the EC-Council Certified Threat Intelligence Analyst (CTIA) Certification
-
Blog Post
Level Up Your Cybersecurity Career: The Benefits of CISM Training
-
Blog Post
OffSec and Phoenix TS Forge Strategic Partnership to Elevate Cybersecurity Training Landscape
-
Blog Post
PHOENIX TS NOW OFFERS EMERGING TECH TRAINING AS AN AUTHORIZED TRAINING PARTNER WITH CERTNEXUS
-
Blog Post
Phoenix TS and Alliance Cyber Announce Strategic Partnership to Deliver Comprehensive Training Services Nationwide
-
Blog Post
Phoenix TS Took To San Diego For CIC 2023: Highlights From The Conference And What Comes Next
-
Blog Post
Cybersecurity Mindful Moments by Tara Lemieux
-
Blog Post
CompTIA and Continuing Education (CE’s)
-
Blog Post
Boost your Cyber Security Awareness
-
Blog Post
Why You Should Invest in Cyber Security
-
Blog Post
Diversity: A Tough Topic Worth Tackling
-
Blog Post
Benefits and Advantages of Instructor-Led Courseware
-
Blog Post
Data, Data, and more Data!!!
-
Blog Post
Be Prepared for Anything with EDRP
-
Blog Post
Learn How to Make Your Dream Business a Reality
-
Blog Post
The FYI ABOUT PMP from PMI
-
Blog Post
STRENGTHEN YOUR CYBERCORE!
-
Blog Post
Security + Changes!
-
Blog Post
What’s the 411 with the updated CySA+?
-
Blog Post
How to Maintain Team Building While Working Remotely!
-
Blog Post
All About the CISSP
-
Blog Post
Get CCNA-ready in 2020!
-
Blog Post
IT Project Managers, a career of keeping business IT on track!
-
Blog Post
Jira – The Godzilla of Team Support Tools!
-
Blog Post
What’s All the Buzz Around Microsoft Azure?
-
Blog Post
Get the E-Book!
-
Blog Post
The Adobe Connect Way!
-
Blog Post
Train, Test and Certify From Home!
-
Blog Post
Critical Thinking in the Workplace
-
Blog Post
Are you Teleworking Now? Watch out. Cybersecurity risks are everywhere!
-
Blog Post
Everything you wanted to know about the Security+ SY0-601 but were afraid to ask!
-
Blog Post
Hey Remote Worker! You Better be Using Email Best Practices
-
Blog Post
Head in the Cloud? Time to Face Cyber Security Reality
-
Blog Post
Companies use COVID-19 Downtime to Educate their Workforce Online
-
Resource
Risk Management Framework (RMF) Assessment
-
Blog Post
RMF vs eMASS: The Difference between Course Labs
-
Blog Post
What is Risk Management?
-
Blog Post
Should You Do eMASS or RMF Training First?
-
Blog Post
The Difference between RMF and CAP
-
Blog Post
Transitioning from DIACAP to RMF
BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org