RMF for DoD IT Workshop

The Risk Management Framework for DoD Information Technology Workshop

Course Description

SecureInfo is pleased to announce the release of the Risk Management Framework for DoD Information Technology (RMF for DoD IT or RDIT) Workshop. This intense Cybersecurity-based workshop blends lecture, discussion, and hands-on exercises to educate students on the new RDIT methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP) to the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the RDIT methodology (into steps, tasks, outputs, and responsible entities) and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the DIACAP Knowledge Service and complemented by NIST Special Publications.

Background

The Department of Defense has adopted and will transition to a new Cybersecurity Risk Management Framework (RMF) methodology [RDIT] as the replacement for DIACAP. The direction for this transformation comes from the latest set of both DoD and Committee for National Security Systems (CNSS) document replacements for DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. The RDIT is supported and complemented through a suite of standards and guidelines: National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.

Duration: 5 days

Cost of Course: $2,300.00 per student (GSA and Volume Rates Available)

Materials Required

Laptops are required, as each student will be asked to create documentation and participate in practical exercises that guide the students. The laptop must have Adobe Acrobat Reader, Excel and Word. Resource Kits are provided via CDs for students attending the course, for in-class work, as well as supplemental materials.

NOTE: SecureInfo training locations have appropriately configured computers for each student.

Course Materials Provided

Students will receive a workbook (to include instructional slides) and Resource Kit via CD (includes all supporting materials and exercises).

Instructor Policy

Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 6pm on the last day of training.

Locations

We offer this course in the SecureInfo training classroom (San Antonio, Texas; Colorado Springs, Colorado; or Alexandria, Virginia locations) or via mobile training at your facility for up to 20 students per course. Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.

Who Should Attend?

The curriculum covered in this course is appropriate for all government and contractor personnel who must understand and implement the new RDIT methodology, including, but not limited to, ISSMs, ISSOs, SCAs, PM/SMs, AO Reps, and IG/Auditors.

  • Individuals with information system and security management and oversight responsibilities.
    (e.g., authorizing official representatives, chief information officers, senior information assurance officers, information system owners, or certifying authorities)
  • Individuals with information system and information assurance control assessment and monitoring responsibilities.
    (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or program managers)
  • Individuals with information assurance implementation and operational responsibilities.
    (e.g., information system owners, information owners/stewards, mission/business owners, information systems security managers/officers, security managers, or system administrators)

Course Topics*

DIACAP Workshop (5 days):

Module 1: Introduction

  • RDIT Terms and Key Concepts for Module 1
  • DoD & RMF Background
  • Purpose and Applicability of DoDD 8500.1, DoDI 8500.2 and 8510.01
  • Purpose and Applicability of CNSSP 22, and CNSSI 1253
  • Purpose and Applicability of NIST SP 800-37, 800-53, 800-39
  • Summary of RDIT Tasks
  • End of Module 1 Exercise

Module 2: RDIT Fundamentals

  • RDIT Terms and Key Concepts for Module 2
  • RDIT Roles and Responsibilities
  • RDIT Process Documentation
  • Integrated Enterprise-Wide Risk Management
  • DoD IS and PIT
  • End of Module 2 Exercise

Module 3: RDIT Extras

  • RDIT Terms and Key Concepts for Module 3
  • Reciprocity of Assessments and Authorizations
  • RDIT Knowledge Service
  • Transitioning (C&A) to Security Authorization
  • End of Module 3 Exercise

Module 4: Working with the Security Controls

  • RDIT Terms and Key Concepts for Module 4
  • NIST SP 800-53, Security Controls
  • NIST SP 800-53A, Assessing Security Controls
  • End of Module 4 Exercise

Module 5: RDIT Process - A Detailed Look

  • RDIT Terms and Key Concepts for Module 5
  • The RDIT Process (In-Depth)
    • Step 1: Categorize Information System
    • Step 2: Select Security Controls
    • Step 3: Implement Security Controls
    • Step 4: Assess Security Controls
    • Step 5: Authorize Information System
    • Step 6: Monitor Security Controls
  • End of Course Exercise

* This Course Syllabus and the RDIT Curriculum are subject to change as more information about the RMF for DoD IT process becomes available and as the referenced documents are finalized and released.

Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.

Ask about our mobile training capability--it saves you money!