Course Description

RMF for DoD IT Fundamentals provides an overview of information assurance/security and risk management from a high-level overview of RMF for DoD. Discussion is centered on RMF for DoD policies, roles and responsibilities, along with key publications from the National institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD 6 step life cycle along with the basics of the RMF documentation package and NIST security controls.

Audience Profile

The RMF for DoD IT training program is suitable for DoD employees and contractors, as well as their supporting vendors and service providers. Managers and others who wish to gain high-level knowledge of RMF should attend RMF for DoD IT Fundamentals (one day). Those who wish to gain detailed implementation knowledge of RMF and NIST Security Controls should attend both RMF for DoD IT Fundamentals and RMF for DoD IT In Depth (total of four days).

Course Outline

• Policy Background: FISMA, OMB A-130, NIST Publications (FIPS and SP), DoDI 8500.01, 8510.01
• Introduction to RMF
• Roles and Responsibilities
• MF Life Cycle: Categorize, Select, Implement, Assess, Authorize, Monitor
• RMF Documentation
• Security Controls and Assessment Procedures
• RMF and DIACAP
• RMF Resources