×
< BLOG
Training and Certification

Should You Do eMASS or RMF Training First?

April 15, 2016

Ashley Neu

Knowledge of the Risk Management Framework is a prerequisite of all three eMASS training course options. RMF teaches you:

  1. What the A&A process is
  2. Why it is important
  3. Who are the people involved
  4. When it needs to be done, etc.

eMASS then teaches how to perform the A&A process using the DoD specified tool.

Therefore, you need the background knowledge of RMF before diving into eMASS. Take RMF before eMASS training. Do you think you have a decent understanding of RMF and want to bypass training? Keep reading and measure yourself against the specific skills needed before taking eMASS. 

Do I really need RMF training?

Learn more about what is included in a RMF training class. 

This depends on your comfort level with the six steps of RMF. Below is the outline used in all RMF training classes.

As you read through each of these topics and subtopics, do you feel confident that you understand at least 90% of the material? If yes, then consider skipping RMF training.

Also, consult with your manager and hear their take on your RMF knowledge and whether or not additional education is beneficial (there are RMF and eMASS bundle courses).

Introduction and Logistics

  • Review: Information Security, FISMA, A&A, DoDI 8510.01
  • RMF Roles and Responsibilities in detail
  • Risk Management Overview
  • RMF Implementation – NIST SP 800-37/CNSSP 22
  • Step 1 – Categorize (FIPS 199 & NIST SP 800-60)
  • Step 2 – Select (NIST SP 800-53, CNSSI 1253)
  • Step 3 – Implement
  • Step 4 – Assess (NIST SP 800-53A)
  • Step 5 – Authorize
  • Step 6 – Monitor (NIST SP 800-137)

RMF Documentation

  • System Security Plan (SSP) – NIST SP 800-18
  • Security Assessment Report
  • Risk Assesment – NIST SP 800-30
  • Plan of Action and Milestones
  • Transmittal and Decision Letters
  • Supporting Documentation

NIST 800-53 Security Controls

  • Management Controls
  • Operational Controls
  • Technical Controls

Security Control Assessment Methods

  • Security Tools
  • Practical Guidance
  • Resources
  • Course Review
  • Course Evaluation / Q&A

Still not sure? Try taking our RMF assessment below. This 10 question quiz tell you if the RMF training course is a good fit for you.

Take the Risk Management Framework Pre-Class Assessment

How long should I wait after taking RMF to take eMASS training?

There is no wait necessary. You can even start your eMASS training the day after your RMF course ends. If you need RMF training first, bundling the two courses to take one after the other is the recommended route.

subscribe by email

Stay Ahead

Related Posts