Cyber Information Assurance / RMF for DoD Workforce Training

This training program emphasizes the transition now taking place at DoD from DIACAP to RMF.


RMF for DoD IT training program

Appropriate for DoD employees and contractors, as well as their supporting vendors and service providers.

CAP Certification

RMF for DoD IT training program (“Fundamentals” + “In-Depth”) covers the “domains” required for the Certified Authorization Professional (CAP) examination.

Duration: 5 days

Those who wish to gain detailed implementation knowledge of RMF and NIST Security Controls should attend both RMF for DoD IT – Fundamentals and RMF for DoD IT – In Depth.

Course description and Pricing

RMF is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC).

RMF is an integral part of the implementation of FISMA, the Federal Information Security Management Act, and is based on publications of the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The RMF for DoD IT training class is suitable for DoD employees and contractors.

This training program emphasizes the transition now taking place at DoD from DIACAP to RMF. The full program consists of a one-day RMF for DoD IT – Fundamentals class, followed by a three-day RMF for DoD IT – In Depth class.

Fundamentals

RMF for DoD IT (One Day) – Starting at $300/Person
  • Information Security and Risk Management Foundation
  • Understanding FISMA
  • FIPS and NIST Special Pubs
  • Risk Management Evolves (NIST SP 800-37, 800-39)
  • Introduction to the RMF Life Cycle
  • Key Roles in the RMF
  • RMF Documentation
  • Introduction to Security Controls
  • RMF for DoD IT (DoDI 8500.01, DoDI 8510.01)

In-Depth

RMF for DoD IT (Three Days) – Starting at $1200/Person
  • Foundations of Information Security and Risk Management
  • Roles and Responsibilities
  • RMF Life Cycle Process (NIST SP 800-37, DoDI 8510.01)
  • RMF Challenges
  • RMF Documentation
  • System Security Plan
  • Security Assessment Report
  • Plan of Action and Milestones (POA&M)
  • Supporting Documentation (Artifacts)
  • NIST Security Controls
  • Management Controls
  • Operational Controls
  • Technical Controls
  • Security Controls Assessment (NIST SP 800-53A)
  • RMF Resources (RMF Knowledge Service, eMASS)
  • Automated Security Tools
  • Practical Guidance
  • DIACAP to RMF Transition

Frequently Asked Questions

Who should attend?
The RMF for DoD IT training program is appropriate for DoD employees and contractors, as well as their supporting vendors and service providers. Managers and others who wish to gain high-level knowledge of RMF should attend RMF for DoD IT – Fundamentals (one day). Those who wish to gain detailed implementation knowledge of RMF and NIST Security Controls should attend both RMF for DoD IT – Fundamentals and RMF for DoD IT – In Depth (total of four days).
Seeking CAP Certification?
The full four-day RMF for DoD IT training program (“Fundamentals” + “In-Depth”) covers the “domains” required for the Certified Authorization Professional (CAP) examination. Please note bits&digits provides training only. The CAP exam itself is administered by ISC2.
How Comprehensive is the RMF for DoD IT Training?
Our RMF for DoD IT course is comprehensive both in our course curriculum and in the exercises utilized in the class. Although the Navy has not issued the final mandate/direction from the head office, we continue to train US Navy staff around the country who recognize and accept the responsibility to obtain training sooner rather than later. RMF has 6 core principles, which are the driving factor of our course offering. We cover all of them, and that helps our customers in their readiness and implementation efforts.
Course Outline - RMF for DoD IT – Fundamentals (One Day)
This class provides an overview of information security and risk management and proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT “life cycle”, including security authorization (a.k.a. certification and accreditation), along with the RMF documentation package and NIST security controls.

  • Information Security and Risk Management Foundation
  • Understanding FISMA
  • FIPS and NIST Special Pubs
  • Risk Management Evolves (NIST SP 800-37, 800-39)
  • Introduction to the RMF Life Cycle
  • Key Roles in the RMF
  • RMF Documentation
  • Introduction to Security Controls
  • RMF for DoD IT (DoDI 8500.01, DoDI 8510.01)
Course Outline - RMF for DoD IT – In-Depth (Three Days)
This course expands on these topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain an in-depth knowledge of the relevant DoD, NIST and CNSS publications along with the practical guidance needed to implement them in the work environment. Each life cycle activity in the DoD Instruction 8510.01 (RMF for DoD IT) is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 “enhancements”. Specific attention is paid to the process of transition from DIACAP to RMF. “Class participation” exercises and collaboration reinforce key concepts. RMF for DoD IT – Fundamentals is recommended as a “prerequisite” to RMF for DoD IT – In-Depth.

  • Foundations of Information Security and Risk Management
    • Exercise 1 – Security Brainstorming
  • Roles and Responsibilities
    • Exercise 2 – Roles/Responsibilities
  • RMF Life Cycle Process (NIST SP 800-37, DoDI 8510.01)
  • “Step 0” – Preparing for RMF
    • Exercise 3 – System Boundary
  • Step 1 – Categorize (CNSSI 1253, NIST SP 800-60)
    • Exercise 4 – System Categorization
  • Step 2 – Select (CNSSI 1253, NIST SP 800-53)
  • Step 3 – Implement
  • Step 4 – Assess
  • Step 5 – Authorize
  • Step 6 – Monitor (NIST SP 800-137)
    • Exercise 5 – RMF Life Cycle
  • RMF Challenges
  • RMF Documentation
  • System Security Plan
  • Security Assessment Report
  • Plan of Action and Milestones (POA&M)
  • Supporting Documentation (Artifacts)
    • Exercise 6 – RMF Documentation
  • NIST Security Controls
  • Management Controls
  • Operational Controls
  • Technical Controls
    • Exercise 7 – “Dissecting” a Security Control
  • Security Controls Assessment (NIST SP 800-53A)
    • Exercise 8 – Security Control Assessment
  • RMF Resources (RMF Knowledge Service, eMASS)
  • Automated Security Tools
    • Exercise 9 – Security Testing Tools
  • Practical Guidance
    • Exercise 10 – RMF Project Plan Case Study
  • DIACAP to RMF Transition

There are also various exercises and case studies throughout the duration of the training.

What if I Have Questions After Training?

Get Post Class Support at No Charge!

Need an RMF Expert at your fingertips? That’s exactly what our post training support gives you. Known as BitsOnPremise, this support program includes dedicated account management and access to a leading RMF expert in our monthly RMF conference call.

  • Get your questions answered.
  • Gain better knowledge and confidence.
  • Not only learn the material, become the material through greater collaboration.

It’s easy. Just dial in for a scheduled webinar and spend time with our RMF Subject Matter Expert to hear your questions answered along with other students’ questions. After all, education doesn’t stop just because the class is over.

Training Options
The Risk Management Framework for DoD IT training program is offered on a regularly scheduled basis at our training sites in the Columbia, South Carolina; Louisville, Kentucky; and San Diego, California areas. Each session is also available to distance learners via Personal Classroom (online, instructor-led) technology. We are also able to bring this training on-site to your facility.
About the Instructors
The instructors tasked to complete this training have previously developed training programs for DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Federal Information Security Management Act (FISMA). These have now been completely revamped to reflect the unification of information security and risk management practices in accordance with the Risk Management Framework (RMF). To date, thousands of military personnel, civilian government employees and contractor personnel have completed one or more of these RMF for DoD IT training programs.

Do you still have questions, or would you like anything customized?

If we didn’t answer all of your questions, feel free to drop us a line anytime.