Risk Management Framework (RMF) v2 Implementation with CAP Exam Review 5-Day Course
Course Overview
Federal Risk Management Framework (RMF) 2.0 Implementation with CAP Exam Review focuses on the Risk Management Framework prescribed by NIST Standards. This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam, as it covers 100% of the CAP exam requirements. This course is current as of March 2019.

Why Choose 327 Solutions for RMF?
- 327 Solutions developed a deep talent bench during the DIACAP to RMF transition and continues to lead the market in talent and courseware quality
- 327 Solutions deploys trainers to some of the largest training firms and academic institutions for RMF based on our resources
- We deliver public classes, onsite private events, and WebEx (virtual-live) sessions, giving multiple training options
- 40 PDU/CEUs with a Certificate of Completion

Course Outline
Course Objectives
Upon completion of the RMF course, participants will have the following knowledge.
- An understanding of the RMF policy and regulatory framework as defined by NIST standards
- Key concepts and actionable labs regarding assurance, assessment, authorization, security controls, and other elements of RMF
- The preparation needed to pass the ISC2 Certified Authorization Professional (CAP) exam
- Version 2 updates, including SP 800-37, rev. 2; SP 800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 (among others)
Course Content
Chapter 1: Introduction
- RMF overview
- Key concepts including assurance, assessment, authorization
- Security controls
Chapter 2: Cybersecurity Policy Regulations & Framework
- Security laws, policy, and regulations
- System Development Life Cycle (SDLC)
- Documents for cybersecurity guidance
Chapter 3: RMF Roles and Responsibilities
- Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
- Overview of risk management
- The four-step risk management process
- Tasks breakdown
- Risk assessment reporting and options
Chapter 5: Step 1: Categorize
- Step key references and overview
- Sample SSP
- Task 1-1: Security Categorization
- Task 1-2: Information System Description
- Task 1-3: Information System Registration
- Lab: The Security Awareness Agency
Chapter 6: Step 2: Select
- Step key references and overview
- Task 2-1: Common Control Identification
- Task 2-2: Select Security Controls
- Task 2-3: Monitoring Strategy
- Task 2-4: Security Plan Approval
- Lab: Select Security Controls
Chapter 7: Step 3: Implement
- Step key references and overview
- Task 3-1: Security Control Implementation
- Task 3-2: Security Control Documentation
- Lab: Security Control Implementation
Chapter 8: Step 4: Assess
- Step key references and overview
- Task 4-1: Assessment Preparation
- Task 4-2: Security Control Assessment
- Task 4-3: Security Assessment Report
- Task 4-4: Remediation Actions
- Task 4-5: Final Assessment Report
- Lab: Assessment Preparation
Chapter 9: Step 5: Authorize
- Step key references and overview
- Task 5-1: Plan of Action and Milestones
- Task 5-2: Security Authorization Package
- Task 5-3: Risk Determination
- Task 5-4: Risk Acceptance
- DoD Considerations
- Lab Step 5: Authorize Information Systems
Chapter 10: Step 6: Monitor
- Step key references and overview
- Task 6-1: Information System & Environment Changes
- Task 6-2: Ongoing Security Control Assessments
- Task 6-3: Ongoing Remediation Actions
- Task 6-4: Key Updates
- Task 6-5: Security Status Reporting
- Task 6-6: Ongoing Risk Determination & Acceptance
- Task 6-7: Information System Removal & Decommissioning
- Continuous Monitoring
- Security Automation Domains
- Lab: Info System & Environment Changes
Appendix A: Supplement Reference
Appendix B: RMF/CAP Review and Step Checklists
Appendix C: Acronym Reference
Appendix D: Answer Keys
- Answers to Review Questions
- Lab Exercise Answers
Prerequisites
None
Who Should Attend
Anyone who needs to know and apply the RMF to perform their work duties, or to prepare for and pass the ISC2 CAP exam.