Class Description

The Risk Management Framework (RMF) was developed by the National Institute for Standards and Technology (NIST) to help DoD and Federal agencies manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively. The Risk Management Framework provides a structured, yet flexible approach for managing the portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization; and processes to help Federal and DoD agencies pass FISMA, CCRI Inspections, and OIG Audits.  Students will grasp application-based concepts by participating in hands on exercises and real-time learning to managing risk for the confidentiality, availability and integrity of information systems. The course will introduce adult learning principles that enhance the authorization of information systems, and the RMF tasks that support the selection, development, implementation, assessment, authorization, and ongoing monitoring of common controls inherited by organizational information systems. Students will be provided a system profile to learn the RMF process and how to apply key concepts for developing various deliverables such as the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).  The training at SEMAIS provides a comprehensive learning methodology to capture these key tasks and requirements to accredit Federal and DoD Systems based on FIPS 199, NIST SP 800-60, NIST SP 800-37 Revision 1, NIST SP 800-39, NIST SP 800-30, NIST SP 800-34, NIST SP 800-53 Revision 3, and NIST SP 800-53A.  The course can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) and the Center for Development of Security Excellence (CDSE) examination.

Course Modules - 4 Days Onsite

  • Module 1: Introduction
  • Module 2: Cybersecurity Policy Regulations and Framework
  • Module 3: RMF Roles and Responsibilities
  • Module 4: Risk Analysis Process
  • Module 5: Step 1: Categorize
  • Module 6: Step 2: Select
  • Module 7: Step 3: Implement
  • Module 8: Step 4: Assess
  • Module 9: Step 5: Authorize
  • Module 10: Step 6: Monitor
  • Module 11: Risk Management Framework for DoD and the Intelligence Community


© 2017 Secure Manged Instruction Systems, LLC 3350 Riverwood Pkwy  Ste 1900 |  Atlanta, Georgia 30339  | Email: