Risk Management Framework (RMF) v2 Implementation for DoD/IC
5-Day Course

Course Overview

Federal Risk Management Framework (RMF) 2.0 Implementation, DoD/IC Edition, focuses on the Risk Management Framework prescribed by NIST Standards. This edition focuses on RMF as implemented within the Department of Defense (DoD) and Intelligence Communities (IC). This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam, although it does not cover 100% of the CAP exam requirements.

Why Choose 327 Solutions for RMF?

327 Solutions developed a deep talent bench during the DIACAP to RMF transition and continues to lead the market in talent and courseware quality.

327 Solutions deploys trainers to some of the largest training firms and academic institutions for RMF based on our resources.

We deliver public classes, onsite private events, and virtual-live sessions via WebEx, giving multiple training options.

40 PDU/CEUs with a Certificate of Completion

Course Outline

Course Objectives

Upon completion of the RMF course, participants will be prepared with the following knowledge.

  • An understanding of RMF policy and regulatory framework
  • Key concepts and actionable labs regarding assurance, assessment, authorization, security controls, and others.
  • The four steps of the risk management process
  • Version 2 updates, including SP 800-37, rev. 2; SP 800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 (among others).
  • See Course Content for additional information

Course Content

Chapter 1: Introduction to RMF, DoD/IC Guidelines, and Key Concepts

  • RMF overview
  • DoD- and IC-Specific Guidelines
  • Key concepts including assurance, assessment, authorization
  • Security controls

Chapter 2: Cybersecurity Policy Regulations & Framework

  • Security laws, policy, and regulations
  • DIACAP to RMF
  • System Development Life Cycle (SDLC)
  • Documents for cybersecurity guidance

Chapter 3: RMF Roles and Responsibilities

  • Tasks and responsibilities for RMF roles

Chapter 4: Risk Analysis Process

  • Overview of risk management
  • The four-step risk management process
  • Tasks breakdown
  • Risk assessment reporting and options

Chapter 5: Step 1: Categorize

  • Step key references and overview
  • Sample SSP
  • Task 1-1: Security Categorization
  • Task 1-2: Information System Description
  • Task 1-3: Information System Registration
  • Lab: The Security Awareness Agency

Chapter 6: Step 2: Select

  • Step key references and overview
  • Task 2-1: Common Control Identification
  • Task 2-2: Select Security Controls
  • Task 2-3: Monitoring Strategy
  • Task 2-4: Security Plan Approval
  • Lab: Select Security Controls

Chapter 7: Step 3: Implement

  • Step key references and overview
  • Task 3-1: Security Control Implementation
  • Task 3-2: Security Control Documentation
  • Lab: Security Control Implementation

Chapter 8: Step 4: Assess

  • Step key references and overview
  • Task 4-1: Assessment Preparation
  • Task 4-2: Security Control Assessment
  • Task 4-3: Security Assessment Report
  • Task 4-4: Remediation Actions
  • Task 4-5: Final Assessment Report
  • Lab: Assessment Preparation

Chapter 9: Step 5: Authorize

  • Step key references and overview
  • Task 5-1: Plan of Action and Milestones
  • Task 5-2: Security Authorization Package
  • Task 5-3: Risk Determination
  • Task 5-4: Risk Acceptance
  • DoD Considerations
  • Lab Step 5: Authorize Information Systems

Chapter 10: Step 6: Monitor

  • Step key references and overview
  • Task 6-1: Information System & Environment Changes
  • Task 6-2: Ongoing Security Control Assessments
  • Task 6-3: Ongoing Remediation Actions
  • Task 6-4: Key Updates
  • Task 6-5: Security Status Reporting
  • Task 6-6: Ongoing Risk Determination & Acceptance
  • Task 6-7: Information System Removal & Decommissioning
  • Continuous Monitoring
  • Security Automation Domains
  • Lab: Info System & Environment Changes

Chapter 11: DoD/IC RMF Implementation

  • eMASS
  • RMF Knowledge Service
  • DoD/IC Specific Documentation
  • RMF within DoD and IC process review

Appendix A: Supplement Reference

Appendix B: Acronym Reference

Appendix C: RMF Process Checklists by Step

Appendix D: Answer Keys

  • Answers to Review Questions
  • Lab Exercise Answers

Each day will cover 1-2 domains’ worth of information presented via lecture, group discussion and practice questions.

Prerequisites

None

Who Should Attend

Anyone who needs to know and apply the RMF framework to perform their work duties.
