Risk Management Framework for DoD and Intelligence Communities Information Technology (IT) Intensive 4-Day Course
This course equips the student with an overview of the system Authorization and Assessment process (also known as A&A) and the Risk Management Framework (RMF) for DoD IT and National Security Systems (NSS). This course reviews, at an in-depth level, NIST SP 800-37, NIST SP 800-53, Rev 4, DoDI 8510.01, DODI 8500.1, CNSS 1253, and other crucial directives that govern this process. In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS, DoD, and Special Access Program (SAP) requirements to provide a clear knowledge bridge to the revised system authorization processes – for those currently working with A&A or for those who have limited or no A&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for NSS and DoD Systems.
Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.
The fourth day of this Intensive course provides each student with a hands-on experience in using automated vulnerability assessment and other tools used to support the DoD and IC system authorization process. This is taught through lecture, hands-on exercises, and group discussion.
Course includes the following takeaway items: a printed training book and a CD that includes reference materials pertaining to the course.
NICE Work Roles
Information Systems Security Developer
Designs, develops, tests, and evaluates information systems throughout the systems development life cycle.
Information Systems Security Manager
Responsible for the cybersecurity of a program, organization, system, or enclave.
Share this course