DoD RMF Course Overview

ARECyber offers the most in-depth course available for students looking to learn about the Risk Management Framework for DoD Information Technology. Risk Management Framework (RMF) describes the DoD process for identifying, implementing, assessing, and managing cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of Information Systems (IS) and Platform Information Technology (PIT) systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system lifecycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.

Objectives

After completing ARECyber’s DoD RMF Course, participants will be able to:

  • Understand the Risk Management Framework for DoD IT Authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles and responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real-world activities and situations

Benefits and Goals

This boot camp course blends lecture, discussion, and hands-on exercises to educate students on RMF methodology. Students will be prepared to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop covers the transition from the DoD C&A process (DIACAP) to RMF and explains the methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down DoD Instruction 8510.01 (RMF for DoD IT) into steps, tasks, outputs, and responsible entities and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the RMF Knowledge Service and corresponding NIST Special Publications.

Course Curriculum

  1. NIST RMF for DoD (800-53 rev4)
    • RMF Chapter 1 Introduction
    • RMF Chapter 2 Cybersecurity Policy Regulations and Framework
    • RMF Chapter 3 RMF Roles and Responsibilities
    • RMF Chapter 4 Risk Analysis Process
    • RMF Chapter 5 Step 1 Categorize
    • RMF Chapter 6 Step 2 Select
    • RMF Chapter 7 Step 3 Implement
    • RMF Chapter 8 Step 4 Assess
    • RMF Chapter 9 Step 5 Authorize
    • RMF Chapter 10 Step 6 Monitor

About the instructor

CISSP, CISM, CISA, CCNA(ex), CASP, CompTIA Security+, CompTIA Linux+

Michael Redman

After graduating from the Cisco Networking Academy with honors, Michael earned AAS degrees in Computer Networking and Network Security, as well as a BS in Network Engineering. He was twice awarded the National Science Foundation Scholarship and is recognized as an SME by the CSIAC, CompTIA, and ISC2. He has sat on the advisory boards for both undergraduate colleges and served as the Chair - Cybersecurity Training Working Group for the US Army. Michael has a demonstrated ability to deliver complex technical instruction in a clear and understandable manner. This ability earned him recognition by the Southern Association of Colleges as an outstanding educator in 2010.

Michael has served as the Sr. cybersecurity advisor to 2 and 3 Star commanders and senior executive management regarding advanced techniques and developments in the Information Assurance / Cyber Security arena of Automated Information Systems (AIS), responsible for both identifying risk and recommending appropriate countermeasures within the enclave and isolated computing environments of the DoD. He has a proven ability to manage highly technical staff working with multiple levels of data sensitivity (ranging from Public to Top Secret/SCI), with duties ranging from design and architecture to security engineering, installation, and integration of systems and/or enclaves. Michael plans, organizes and executes risk management and Department of Defense Independent Verification and Validation (IV&V) activities, identifying security vulnerabilities utilizing a variety of classic and modern exploit tools and techniques. He is a highly skilled IT consultant focusing on large-scale software upgrades and rollouts, network troubleshooting, modernization and design, as well as configuration and support for Intrusion Detection/Protection Systems, Firewalls, and Network Security.

Michael has also provided network modernization and design consulting services for the Navy, Air Force and Marine Corps, specializing in secure virtual infrastructure design and deployment. Additionally, he has helped many IT professionals achieve not only their desired certifications but also their advanced degrees in both Computer Networking and Network Security. Michael’s students have gone on to secure employment within the DoD, State, Federal and commercial arenas. Courses he has authored or instructed include ICND 1 & 2; CompTIA Security+, Network+, Linux+, and CASP; the ISACA CISM and CISA; and the ISC2 CISSP and CAP. With an active TS/SCI, he has been a speaker at the Atlanta Advanced Persistent Threat Summit, the NETCOM Cybersecurity Workshop, and cybersecurity informational workshops for companies such as HP, Booz Allen, Northrop Grumman and others.

What others have been saying about this course:

This is the most comprehensive review of the RMF process. Delivered by one of the industry's foremost Subject Matter Experts.
