Risk Management Framework in Practice – Building a DoD Security Package (RMF Training)

Course Duration

4 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

No prerequisites required.

Course Description

The Building a DoD Security Package training program provides students with a comprehensive working knowledge of RMF, including DoD policies and procedures, along with the practical guidance needed to successfully implement them.

Course Outline

RMF for DoD IT – Fundamentals (Day One)

• Policy Background (FISMA, OMB)
• Roles & Responsibilities
• RMF Lifecycle Overview
• Controls & Assessment Procedures

RMF for DoD IT – In-Depth (Days Two through Four)

• Step 1: Categorize Categorize the System
• Describe the System and Boundary
• Conduct a Basic Risk Assessment
• Register the System
• Step 2: Select Security Control Overview
• Analyze Security Controls
• Select the Control Baseline
• Tailor the Control Baseline
• Planning for Continuous Monitoring
• Step 3: Implement Implement Control Solutions
• Document Security Control Implementation
• STIGs and Automated Tools
• Step 4: Assess Identify Security Control Assessment Team
• Prepare for the Security Assessment
• Security Control Assessment Procedures
• Step 5: Authorize Types of Authorizations
• Authorization Decisions
• Security Authorization Package
• Documentation
• Step 6: Monitor ISCM Strategy Considerations
• Automated Tools
• System Decommissioning and Removal
• Project Planning
• Preparing for Success
• System Acquisition
• Knowledge Service

RMF publications covered in this training program include: DoDI 8500.01, 8510.01; CNSSI 1253, FIPS 199, 200; NIST SP 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-59, 800-60, 800-137 and more.