| Infotec

DoD Risk Management Framework: Securing Information Systems

Course Schedule:

Please contact Infotec at 1-800-720-9185 regarding the availability of this class.

Overview

Our Custom DoD RMF Course provides an introduction to the new DoD RMF process for securing military systems (DoDI 8500.01 and DoDI 8510.01). It includes samples of key documents (Security Plan, Security Assessment Report, POA&M and Information Security Continuous Monitoring Plan). The DoD RMF process is based the key concepts of mission and risk-based, cost-effective, and enterprise information system security. Uniquely this new process was developed with the progressive visions that future information systems will have: Automated presentation of security status; Proactive and preventative configuration control to prevent unauthorized changes; Automated updating and patching; Near-real-time awareness from an enterprise level; and Continuous security authorization.

This class was written specifically based on all the above instructions and related NIST Special Publications with the purpose of providing individuals with the knowledge to understand the DoD RMF process and implement the same for their systems. The course has been augmented with hands-on labs using successful strategies and real-world samples of key documents (i.e., Security Plan (SP), Security Assessment Reports (SAR), Plan of Action and Milestones (POA&M), Overlays, and Information Security Continuous Monitoring Plans (ISCMP)). These help to ensure this class supports the all the personnel at the DoD Component levels from the Chief Information Officer (CIO) and Authorizing Official (AO) to the Information System Owner (ISO) and User Representative (UR) in understanding the process and their responsibilities in implementing the DoD RMF process.

This course is approved for CE credit from CompTIA for Network+, Security+ and CASP. Our RMF course is also relevant to the domains for CISSP and the objectives for CISM.

Course Content

Section A: Understanding Security Authorization

FISMA, NIST/NSA, NIST Publications, and OMB A-130
Certification & Accreditation (C&A) or Authorization
Authorization Evolution
Authorization 2010 and Beyond
Risk Management Framework (RMF)
DoD RMF and CNSSI-I253
System Development Life Cycle (SDLC) and DoD System Acquisition Process
System to Enterprise Evolution 2002-2010
Hierarchical Risk Management
DoD RMF Governance
Roles and Responsibilities
Information Systems, Defense Concepts, and Perfect Security
Risk and Risk Assessments
Security Objectives and Impact Levels
Trust Relationships and Reciprocity
DoD RMF Publication Flow

Section B: Categorization of Information and Information Systems

Security Plan (SP) SP800-18 and SP 800-37
DoD IT Products, Services and PIT DoDI 8510.01
Knowledge Service (KS) rmfks.osd.mil
Categorization CNSSI-1253, FIPS 199, and SP800-60 ICD-503
Initiate SP and Authorization Boundaries SP800-18 and SP 800-37
Registration SP800-53
Assign Qualified Personnel DoDD 8570.01 and DoDDI 8140.01

Section C: Selection of Security Controls

Specific, Common, and Hybrid Controls SP800-53
Selecting Security Controls CNSSI-1253, FIPS-200, and SP800-53
DoD RMF Control Baseline Tool
Overlays CNSSI-1253 and SP800-53
Tailoring Controls CNSSI-1253 and SP800-53
Compensating Controls SP800-53
Trustworthiness and Assurance SP800-53
Monitoring Strategy SP800-137
Approval and Registration DoDI 8510.01
Knowledge Service and eMASS

Section D: Implementation of Security Controls

Security Control Implementation SP800-53
Control Documentation SP800-18 and SP800-37
Approved Configurations, Tests and Checklists SP800-70
Security Content Automation Protocol(SCAP) SP800-115 SP800-117
Contingency Operations and Risk Author's Experience

Section E: Assessment of Security Controls

Assessment and Testing Methods SP800-53A and SP800-115
Vulnerability Tools and Techniques SP800-53A and SP800-115
Develop Security Assessment Plan (SAP) and Report (SAR) SP800-37
Expertise and Independence SP800-37
Assess Security Control SP800-53A and SP800-115
Security Assessment Report (SAR) SP800-37, SP800-53A, and SP800-115
Conduct Remediation Actions SP800-37 and SP800-53

Section F: Authorization of Information Systems

Special DoD Systems DoDI 8510.01
Plan Of Actions and Milestones (POA&M) OMB M-02-01
Security Authorization Package SP800-37 and DoDI 8510.01
Determine Risk DoDI 8510.01
Authorization SP800-37 and DoDI 8510.01
Section G: Continuous Monitoring of Security Controls
Continuous Monitoring SP800-53 and DoDI 8510.01
Information Security Continuous Monitoring (ISCM) SP800-137 and HBSS
Determine Impact of Change SP800-128 and SecCM
Patch and Vulnerability Management SP800-40
Security Content Automation Protocol (SCAP) SP800-115 and SP800-117
Assessments SP800-53A and SP800-115
Cloud Computing FedRAMP and SRG
More Overlays FedRAMP, SP800-53, and NSI-1253
DIACAP to DoD RMF Transition Schedule DoDI 8510.01

For More Information

To get started, fill out this simple form!

* First Name * Last Name * Phone * Email Organization Name * City * State * Zip Course Name

*Required Field

Get Started!

Find another course:

COURSE LOOKUP