SEC525 - Applying the Risk Management Framework (RMF) and NIST Controls

Course Description

Short Course | 24 hours | 2.4 CEUs | $3,595

This course is focused on the transition to the new RMF v2.0 that is taking place within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). This course is designed to provide Cybersecurity and Information Security Professionals that are responsible for implementing the unified federal Risk Management Framework (RMF), the knowledge, understanding and practices needed to apply the relevant DoD, NIST and CNSS publications to their work environment. Students will gain an understanding of the Risk Management Framework; associated risk management and assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization. Students will also learn and discuss the RMF seven (7) step process integrated with the System Development Life Cycle to include roles and responsibilities; references; and guidelines. They will complete exercises relevant to executing the RMF - for example, how to prepare for the RMF, categorize an information system, select security controls, and complete various RMF artifacts for system authorization. Students will also learn and discuss the technologies, best practices, and procedures used in the implementing the RMF. Other topics include life cycle activities in the DoD Instruction 8510.01 (RMF for DoD IT), NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements from CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands-on activities, case studies, and individual and team exercises.

SEC525 is the first course in the Government Cybersecurity RMF Specialist. To complete the certificate students will also enroll in SEC550, & SEC575. Click on each course link for more details and to add to cart.

Course Outline

• Introduction
• Cybersecurity principles
• Risk management of Federal Information Systems
• Threats and issues
• Framework and methodologies of information system risk assessment and management aligned to the RMF
• Federal policies, instructions, and guidelines for implementing the RMF
• Foundations of Information Security and Risk Management
• RMF Life Cycle Process
  • Prepare Step – Organization
  • Prepare Step System
  • Categorize System Step
  • Select Controls Step
  • Implement Controls Step
  • Assess Controls Step
  • Authorize System Step
  • Monitor Controls Step
  • Roles and Responsibilities, References and Guidelines
• RMF Documentation
• System Security Plan
• Security Assessment Report
• NIST Controls
  • Security Controls
  • Management Controls
  • Operational Controls
  • Technical Controls
  • Controls Assessment
• RMF Resources
• Automated Security Tools
• DIACAP to RMF Transition

Duration

Applies Towards the Following Certificates

• Cybersecurity and Product Security Upskilling Certificate 2023 : 60 Hour Certificate
• Cybersecurity Risk Management Certificate- 72 Hour : Required
• Government RMF Specialist Certificate : 72 Hour Certificate