Course Outline
Module 1: Introduction
- RMF overview
- DoD- and IC-Specific Guidelines
- Key concepts including assurance, assessment, authorization
- Security controls
Module 2: Cybersecurity Policy Regulations & Framework
- Security laws, policy, and regulations
- DIACAP to RMF
- System Development Life Cycle (SDLC)
- Documents for cyber security guidance
Module 3: RMF Roles and Responsibilities
- Tasks and responsibilities for RMF roles
Module 4: Risk Analysis Process
- Overview of risk management
- Four-step risk management process
- Tasks breakdown
- Risk assessment reporting and options
Module 5: Step 1: Categorize
- Step key references and overview
- Sample SSP
- Task 1-1: Security Categorization
- Task 1-2: Information System Description
- Task 1-3: Information System Registration
- Lab: The Security Awareness Agency
Module 6: Step 2: Select
- Step key references and overview
- Task 2-1: Common Control Identification
- Task 2-2: Select Security Controls
- Task 2-3: Monitoring Strategy
- Task 2-4: Security Plan Approval
- Lab: Select Security Controls
Module 7: Step 3: Implement
- Step key references and overview
- Task 3-1: Security Control Implementation
- Task 3-2: Security Control Documentation
- Lab: Security Control Implementation
Module 8: Step 4: Assess
- Step key references and overview
- Task 4-1: Assessment Preparation
- Task 4-2: Security Control Assessment
- Task 4-3: Security Assessment Report
- Task 4-4: Remediation Actions
- Task 4-5: Final Assessment Report
- Lab: Assessment Preparation
Module 9: Step 5: Authorize
- Step key references and overview
- Task 5-1: Plan of Action and Milestones
- Task 5-2: Security Authorization Package
- Task 5-3: Risk Determination
- Task 5-4: Risk Acceptance DoD Considerations
- Lab Step 5: Authorize Information Systems
Module 10: Step 6: Monitor
- Step key references and overview
- Task 6-1: Information System & Environment Changes
- Task 6-2: Ongoing Security Control Assessments
- Task 6-3: Ongoing Remediation Actions
- Task 6-4: Key Updates
- Task 6-5: Security Status Reporting
- Task 6-6: Ongoing Risk Determination & Acceptance
- Task 6-7: Information System Removal & Decommissioning
- Continuous Monitoring
- Security Automation Domains
- Lab: Info System & Environment Changes
Module 11: DoD/IC RMF Implementation
- eMASS
- RMF Knowledge Service
- DoD/IC Specific Documentation
- RMF within DoD and IC process review