NIST RMF for FISs/NSSs

The NIST SP 800-37, Rev1 “Applying the Risk Management Framework (RMF) to Federal Information Systems (FISs/NSSs)” 5 Day Workshop

SecureInfo Corporation is pleased to offer an intense 5-day Workshop for those working within the Federal Government, Department of Defense, or the Intelligence Community who must understand, implement, maintain and transition to the security authorization process outlined in NIST SP 800-37, Rev1, and CNSSP 22 and CNSSI 1253 for National Security Systems (NSSs).

This workshop is a blend of lecture, discussion, and practical hands-on exercises to familiarize the student with the guidelines for integrating the risk management framework into your enterprise/security architecture and system development life-cycle (SDLC).

This workshop covers the fundamental concepts associated with the six steps and 24 tasks of the RMF. The workshop zeros in on: security categorization of information and information systems (FISs/NSSs); Security Control selection, tailoring, and supplementation; Security Control implementation and assessment; the security authorization process; and the requirements for continuously monitoring Security Controls throughout the FIS/NSS life-cycle. For each step/task the workshop identifies the organizational roles with primary responsibility for carrying out the task, the supporting roles, the corresponding phases in the RMF/SDLC where the task is typically executed, implementation guidance that amplifies and clarifies the task, and the essential publication references (FIPS, Special Publications, CNSSP, CNSSI and others). The workshop includes the development and content of the Security Authorization Package documents: System Security Plan, Security Assessment Report, and Plan of Action and Milestones.

Duration: 5 days

Cost of Course: $2,300.00 per student (GSA and Volume Rates Available)

Materials Required

Laptops are required, as each student will be asked to create documentation and participate in the practical hands-on exercises that guide the students' learning experience. The laptop must have Adobe Acrobat Reader, Microsoft Excel and Microsoft Word installed. NOTE: SecureInfo training locations have appropriately configured computers for each student.

Course Materials Provided

Students will receive a workbook (including the instructional slides) and a Resource Kit on CD (including all supporting materials and exercises).

Instructor Policy

Students should arrive no later than 10 minutes prior to the start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements for earlier than 6pm on the last day of training.

Locations

We offer this course in the SecureInfo training classrooms (San Antonio, Texas or Alexandria, Virginia) or via mobile training at your facility for up to 20 students per course. Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.

Who Should Attend?

NIST’s new common foundation for information security/assurance gives the Intelligence Community, Defense, and Civil sectors of the federal government, and their supporting contractors, more uniform and consistent ways to manage the risk to operations, assets, individuals, other organizations, and the Nation arising from the operation and use of federal information systems and national security systems. State, local, and tribal governments, as well as the private sector organizations that make up the critical infrastructure of the United States, are also strongly encouraged to use the NIST guidelines. The RMF Workshop is intended to serve a diverse group of information system and information security/assurance professionals, both in and supporting the federal government, including:

  • Individuals with information system development and integration responsibilities.
    (e.g., program managers, information technology product developers, information system developers, systems integrators)
  • Individuals with information system and security management and oversight responsibilities.
    (e.g., authorizing officials, chief information officers, senior agency information security officers, information system managers, information security managers)
  • Individuals with information system and security control assessment and monitoring responsibilities.
    (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or information system owners)
  • Individuals with information security implementation and operational responsibilities.
    (e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers)

Course Topics

NIST RMF Workshop for FISs/NSSs (5 days):

Module 1: Introduction

  • RMF Terms and key Concepts (Throughout Module)
  • RMF Background
  • Purpose and Applicability of SP 800-37/CNSSP 22/CNSSI 1253
  • Summary of RMF Tasks
  • RMF Roles and Responsibilities
  • Transforming Certification and Accreditation (C&A) to “Security Authorization”
  • End of Module 1 Exercise

Module 2: The RMF Fundamentals

  • RMF Terms and Key Concepts (Throughout Module)
  • Integrated Enterprise-Wide Risk Management
  • System Development Life Cycle
  • Information System Boundaries
  • Security Control Allocation
  • Continuous Monitoring
  • Operational Scenarios
  • Security Controls in External Environments
  • End of Module 2 Exercise

Module 3: The RMF Process (In-Depth) (3 Parts)

  • RMF Terms and Key Concepts (Throughout Module)
  • Part 1
    • Categorize Information System – A Detailed Look
    • Topic Exercise
    • Select Security Controls – A Detailed Look
    • Topic/Part 1 Exercise
  • Part 2
    • Implement Security Controls – A Detailed Look
    • Topic Exercise
    • Assess Security Controls – A Detailed Look
    • Topic/Part 2 Exercise
  • Part 3
    • Authorize Information System – A Detailed Look
    • Topic Exercise
    • Monitor Security Controls – A Detailed Look
    • End of Course Exercise

Register Now

Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.

Ask about our mobile training capability; it saves you money!