BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). DoD officially began its transition from the legacy DIACAP process to the new “RMF for DoD IT” process.
This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam, although it does not cover 100% of the CAP exam requirements. If your goal is primarily to prepare for the CAP Exam, you should use our course, Federal Risk Management Framework (RMF) 2.0 Implementation with CAP Exam Review.
This course is current as of March 2019. It was revised due to NIST producing new and updated publications over the preceding two years, including SP 800-37, rev. 2; SP-800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 among others. It was also revised due to additional DoD updates to DODI 8510.01. D
The course comes with a disk of reference materials including sample documents, NIST publications, and regulatory documents. Downloadable ancillary materials include a study guide and a References and Policies handout. Instructors will also be given access to an exam with answer key.
Schedule
Federal Risk Management Framework (RMF) 2.0 Training Certification
5/27/25 - 5/30/25 (1 days)
Open
$0
5/27/25 - 5/30/25 (1 days)
Open
$0
9/02/25 - 9/05/25 (1 days)
Open
$0
9/02/25 - 9/05/25 (1 days)
Open
$0
Not seeing a good fit?
Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.
Course Objectives
- Understand the Risk Management Framework for DoD IT Authorization process
- Understand FISMA and NIST processes for authorizing Federal IT systems
- Explain key roles and responsibilities
- Explain statutory and regulatory requirements
- Apply these principles to real-world activities and situations
Course Outline
Introduction
- RMF overview
- DoD- and IC- Specific Guidelines
- Key concepts including assurance, assessment, authorization
- Security controls
Cybersecurity Policy Regulations & Framework
- Security laws, policy, and regulations
- DIACAP to RMF
- System Development Life Cycle (SLDC)
- Documents for cyber security guidance
RMF Roles and Responsibilities
- Tasks and responsibilities for RMF roles
Risk Analysis Process
- Overview of risk management
- Four-step risk management process
- Tasks breakdown
- Risk assessment reporting and options
Step 1 – Categorize
- Step key references and overview
- Sample SSP
- Task 1-1: Security Categorization
- Task 1-2: Information System Description
- Task 1-3: Information System Registration
- Lab: The Security Awareness Agency
Step 2 – Select
- Step key references and overview
- Task 2-1: Common Control Identification
- Task 2-2: Select Security Controls
- Task 2-3: Monitoring Strategy
- Task 2-4: Security Plan Approval
- Lab: Select Security Controls
Step 3 – Implement
- Step key references and overview
- Task 3-1: Security Control Implementation
- Task 3.2: Security Control Documentation
- Lab: Security Control Implementation
Step 4 – Assess
- Step key references and overview
- Task 4-1: Assessment Preparation
- Task 4-2: Security Control Assessment
- Task 4-3: Security Assessment Report
- Task 4-4: Remediation Actions
- Task 4-5: Final Assessment Report
- Lab: Assessment Preparation
Step 5 – Authorize
- Step key references and overview
- Task 5-1: Plan of Action and Milestones
- Task 5-2: Security Authorization Package
- Task 5-3: Risk Determination
- Task 5-4: Risk Acceptance DoD Considerations
- Lab Step 5: Authorize Information Systems
Step 6 – Monitor
- Step key references and overview
- Task 6-1: Information System & Environment Changes
- Task 6-2: Ongoing Security Control Assessments
- Task 6-3: Ongoing Remediation Actions
- Task 6-4: Key Updates
- Task 6-5: Security Status Reporting
- Task 6-6: Ongoing Risk Determination & Acceptance
- Task 6-7: Information System Removal & Decommissioning
- Continuous Monitoring
- Security Automation Domains
- Lab: Info System & Environment Changes
DoD/IC RMF Implementation
- eMASS
- RMF Knowledge Service
- DoD/IC Specific Documentation
- RMF within DoD and IC process review
RMF Training FAQs
Who should take this course?
This course is designed for system owners, administrators, developers, integrators, and information assurance staff who need to understand
FISMA, RMF process (including Security Authorization or A&A), NIST baseline security controls, documentation package, and continuous monitoring process.
What is the recommended experience for this course?
Students should have knowledge and experience with information security systems and best practices.
Federal Risk Management Framework (RMF) 2.0 Training Certification Resources
BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
![[image]](https://pts.sizeable.works/wp-content/themes/phoenixts-com/assets/images/temp/image-9@2x.jpg)
![[GSA LOGO]](https://pts.sizeable.works/wp-content/themes/phoenixts-com/assets/images/gsa-logo-black.png){kind=logo}
