The NIST Risk Management Framework
3 Day Course
SecureInfo Corporation is pleased to offer this course for those working within the Federal Government or Department of Defense who must understand, implement, maintain and transition to NIST SP 800-37, Rev1, “Applying the Risk Management Framework to Federal Information Systems”.
This course consists of lecture and discussion to educate the student on the NIST security authorization process and its integration into the RMF, and addresses the fundamental concepts associated with the six steps and 24 tasks of the RMF including: security categorization of information and systems; security control selection, tailoring, and supplementation; security control implementation and assessment; the security authorization process; and the requirements for continuously monitoring security controls throughout an information systems life-cycle.
Cost of Course: $1,500.00 per student (GSA and Volume Rates Available)
Materials Required
There are no materials required of students attending courses at either SecureInfo location.
Students attending mobile courses at customer sites must furnish their own laptops as each student will be asked to create documentation and participate in practical hands-on exercises that guide the students learning experience. The laptop must have Adobe Acrobat Reader, Microsoft Excel and Word.
Course Materials Provided
Students will receive a workbook (to include instructional slides) and Resource Kit via CD (includes all supporting materials and exercises).
Instructor Policy
Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival please let us know at the time of registration. Please do not make any travel arrangements prior to 6pm on the last day of training.
Locations
We offer this course in the SecureInfo training classroom (San Antonio, Texas or Alexandria, Virginia locations) or via mobile training at your facility for up to 15 students per course. Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.
Who Should Attend?
NIST’s new common foundation for information security/assurance provides the Intelligence Community, Defense, and Civil sectors of the federal government and their supporting contractors, more uniform and consistent ways to manage the risk to operations, assets, individuals, other organizations, and the Nation from the operation and use of information systems. State, local, and tribal governments, as well as private sector organizations that compose the critical infrastructure of the United States, are also highly encouraged by NIST to consider the use of the new guidelines. The NIST RMF course of instruction is intended to serve a diverse group of information system and information security/assurance professionals, both in and supporting the federal government including:
- Individuals with information system development and integration responsibilities.
(e.g., program managers, information technology product developers, information system developers, systems integrators) - Individuals with information system and security management and oversight responsibilities.
(e.g., authorizing officials, chief information officers, senior agency information security officers, information system managers, information security managers) - Individuals with information system and security control assessment and monitoring responsibilities.
(e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or information system owners) - Individuals with information security implementation and operational responsibilities.
(e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers)
Course Topics
Module 1: Introduction to RMF
- RMF Terms and key Concepts
- RMF Background
- Purpose and Applicability of SP 800-37
- RMF Tasks - Overview
- RMF Roles and Responsibilities – Overview
Module 2: RMF Fundamentals
- Integrated Enterprise-Wide Risk Management
- System Development Life Cycle
- Information System Boundaries - Overview
- Security Control Allocation
- Continuous Monitoring - Overview
- Operational Scenarios
- Security Controls in External Environments
Module 3: The RMF Process
- Activity 1: Categorize Information System
- Activity 2: Select Security Controls
- Activity 3: Implement Security Controls
- Activity 4: Assess Security Controls
- Activity 5: Authorize Information System
- Activity 6: Monitor Security Controls
Register Now
Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.
Ask about our mobile training capability--it saves you money!
Schedule:
View Upcoming Courses
Prices:
For Corporate Pricing, Please Call 888.677.9351
GSA Contract:
GS-35F-0509W
- Training
- Courses
- AFCAP/eMASS Workshop 3-Day
- Addressing Cyber Security Controls
- CompTIA A+ Essentials
- CompTIA A+ Practical Applications
- CompTIA Security+ Workshop
- DIACAP Essentials
- DIACAP Workshop
- eMASS
- FedRAMP for Cloud Computing 3-Day
- NIST Continuous Monitoring 1-Day
- NIST Continuous Monitoring 3-Day
- NIST Continuous Monitoring 5-Day
- NIST Organizational Risk Management
- NIST RMF Workshop 3-Day
- NIST RMF Workshop 5-Day
- NIST Security Controls Workshop 3-Day
- NIST Security Controls Workshop 5-Day
- RMS Product Training
- Schedule/Registration
- Courses