RMF COURSE CURRICULUM
Our curriculum covers the entire RMF schema in a simplified linear method that ensures all areas are covered in-depth.
STEP 1 CATEGORIZE
TASK 1-1: Categorize Information System
TASK 1-2: Information System Description
TASK 1-3: Information System Registration
STEP 2 SELECT SECURITY CONTROLS
TASK 2-1: Identify Common Controls
TASK 2-2: Select Security Controls
TASK 2-3: Monitoring Strategy
TASK 2-4: System Security Plan Approval
STEP 3 IMPLEMENT SECURITY CONTROLS
TASK 3-1: Implement Security Controls
TASK 3-2: Security Control Documentation
STEP 4 ASSESS
TASK 4-1: Prepare for Assessment
TASK 4-2: Security Control Assessment
TASK 4-3: Security Assessment Report
TASK 4-4: Remediation Actions
STEP 5 AUTHORIZE TASK
TASK 5-1: Plan of Action and Milestones
TASK 5-2: Security Authorization Package
TASK 5-3: Risk Determination
TASK 5-4: Risk Acceptance
STEP 6 MONITOR
TASK 6-1: Determine Security Impact
TASK 6-2: Ongoing Security Control Assessments
TASK 6-3: Remediation Actions
TASK 6-4: Key Updates
TASK 6-5: Security Status Reporting
TASK 6-6: Ongoing Risk Determination and Acceptance
TASK 6-7: Information System Removal and Decommissioning
RMF Training DESCRIPTION
Our RMF Training is more than the high level RMF description and terms training that is offered by most of our competitors. We keep our groups as small as possible to allow in-depth discussions on how you will implement RMF when you return meaning that there will be maximum student participation.
Our training has unique characteristics that separate us from the competition. Our primary instructor has hands in experience in every aspect of RMF and has been deeply involved with several high profile RMF projects. The primary instructor has also served time working side by side with Authorizing Officials (AO), Designated Authorizing Officials (DAO) and Security Control Assessors (SCA). Primary instructor has reviewed countless security authorization artifacts, conducted several official security control assessments on NSS systems, and has even trained other SCAs on how to properly assess information systems.
.