RMF Training | DoD Risk Management Framework Process Training

Introduction

RMF Training | DoD Risk Management Framework Process Training Course Hands-on

Learn how to apply cost-effective and appropriate security controls based on risk and best practices with DoD Risk Management Framework Process Training

In this RMF Training | DoD Risk Management Framework Process Training course, you will gain a thorough understanding of the new DoD authorization process as required by DoDI 8510.01, Risk Management Framework for DoD IT, 14 March 2014, which is based on the new Committee on National Security Systems Instruction 1253 (CNSSI 1253), Security Categorization and Security Control Selection for National Security Systems (NSS), 27 March 2014, and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

With RMF Training | DoD Risk Management Framework Process Training, you will also learn how to apply cost-effective and appropriate security controls based on risk and best practices. This highly interactive DoD Risk Management Framework Process Training course provides actual examples of the key documents required to complete the RMF processes.

Duration: 3 days

Customize It

• We can adapt this RMF Training | DoD Risk Management Framework Process Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this DoD Risk Management Framework Process Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the DoD Risk Management Framework Process Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the DoD Risk Management Framework Process Training course in a manner understandable to lay audiences.

Audience / Target Group

• Individuals who need to gain a thorough understanding of the new DoD authorization process

DoD Risk Management Framework Process Training - Objectives:

After completing this RMF Training | DoD Risk Management Framework Process Training course, attendees will be able to:

In-depth coverage of the seven domains required to pass the SSCP exam:

• Authorization process
• Risk management
• Risk assessment
• Roles and responsibilities
• RMF tools
• Categorize information and information systems
• Select, implement, and assess security controls
• Authorize information system
• Monitor security controls

DoD Risk Management Framework Process Training - Course Content:

Concept of Authorization Process

◾Problem, Controls, Implement, Assess, Approve and Maintain
◾Authorization Evolution
◾DITSCAP, NIACAP, FISMA, NIST, DIACAP, and RMF
◾Department of Defense (DoD) Risk Management Framework (RMF)
◾DoD: DoDI 8500.01 and DoDI 8510.01
◾CNSS: CNSSP-42, CNSSI-1253 and Appendix K Annexes, CNSSI-1253A, and CNSS 4009
◾NIST: SP 800-18, SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-137, and SP 800-160
◾Security Processes and Concepts
◾Adequate Security and Risk-Based Cost-Effective – OMB Circular A-130
◾Security Objectives: Confidentiality, Integrity and Availability
◾Risk: Low, Moderate, and High
◾Privacy Rules: HIPAA and Personally Identifiable Information (PII)
◾Trust Relationships: Reciprocity and Documents
◾Defense-in-Depth
◾Risk Management (NIST SP800-39)
◾Risk Assessment (NIST SP800-30)
◾Qualitative, Quantitative, and Quasi-Quantitative
◾Risk Assessment Group Exercise
◾Roles and Responsibilities (NIST SP800-37 and DoD 8510.01)
◾DoD and Component Chief Information Officers (CIO)
◾Risk Executive (Function)
◾DoD and Component Senior Information Security Officer (SISO)
◾Authorizing Official (AO)
◾AO Designated Representative (AODR)
◾Information Owner (IO) /Steward
◾Common Control Provider (CC Provider)
◾Information System Security Manager (ISSM)
◾Information System Owner (ISO)
◾Information System Security Engineer (ISSE)
◾Security Control Assessor (SCA)
◾User Representative (UR)
◾RMF Tools – DoDI 8510.01
◾eMASS and Information Assurance Support Environment (IASE)

Categorize Information and Information System

◾System Security Plan – SP 800-18, SP 800-37 and Sample SP
◾Categorization – CNSSI-1253
◾Accreditation Boundaries – SP 800-18 and SP 800-37
◾Boundary and Categorization Group Exercise
◾Interconnecting Information Systems – SP 800-47
◾Registration – SP 800-53

Select Security Controls

◾Specific, Common and Hybrid Controls – SP 800-53, CNSSI-1253, and Sample SP
◾Type Control Group Exercise
◾Overlays – CNSSI-1253, SP 800-53, and Sample Overlay
◾Selecting Security Controls – CNSSI-1253, FIPS-200, and SP 800-53
◾Tailoring Controls – CNSSI-1253 and SP 800-53
◾Tailoring Controls Group Exercise
◾Trustworthiness and Assurance – SP 800-53
◾Monitored Control Selection – SP 800-37

Implement Security Controls

◾Security Control Implementation – SP 800-53
◾Compensating Controls – SP 800-53
◾Compensating Control Group Exercise
◾Approved Configurations, Tests and Checklists – SP 800-70, eMASS and IASE.mil
◾Contingency Strategies
◾Contingency Deployment Group Exercise

Assess Security Controls

◾Assessment and Testing Methods – SP 800-53A and SP 800-115
◾Vulnerability Tools and Techniques – SP 800-53A and SP 800-115
◾Develop Security Assessment Plan and Report – SP 800-37 and Sample SAR
◾Assessor Expertise and Independence – SP 800-37 and DoDI 8510.01
◾Conduct Security Control Assessments – SP 800-53 and SP 800-115

Authorize Information System

◾Plan Of Actions and Milestones (POA&M) – OMB M-01-01 and Sample POA&M
◾Security Authorization Package – SP 800-37
◾SSP, SAR, and POA&M
◾Authorization – SP 800-37 and DoDI 8510.01
◾Authority to Operate (ATO)
◾Interim Authorization to Test (IATT)
◾Denial of Approval to Operate (DATO)
◾Special Authorizations – DoDI 8510.01
◾Type Authorizations
◾Platform Information Technology (PIT) Authorizations

Monitor Security Controls

◾Continuous Monitoring – SP 800-53
◾Information Security Continuous Monitoring (ISCM) – SP 800-137 and Sample ISCM Plans
◾Security Configuration Management – SP 800-128
◾Patch and Vulnerability Management – SP 800-40
◾Security Content Automation Protocol (SCAP) – SP 800-115 and SP 800-117
◾Host-Based Security System (HBSS) Program – IASE
