RMF Training, Introduction to Risk Management Framework (RMF).
RMF Training, Introduction to Risk Management Framework (RMF), is offered by TONEX. Learn DoD RMF basics in depth for DoD Information Technology. TONEX offers a series of Risk Management Framework (RMF) courses for DoD Information Technology.
Introduction to RMF training teaches you the concepts and principles of the Risk Management Framework (RMF), which replaces the traditional cybersecurity risk management methodology, DIACAP.
The RMF training course covers a variety of topics in the RMF area, such as: basics of RMF, RMF laws, RMF regulations, introduction to FISMA, updated FISMA regulations, RMF roles and responsibilities, and FIPS and NIST publications. Moreover, you will be introduced to the step-by-step procedure for RMF, the system development life cycle (SDLC), the transition from certification and accreditation (C&A) to RMF, RMF expansion, security control assessment requirements and RMF for information technology.
Audience
The introduction to RMF training is a 2-day course designed for:
- IT professionals in the area of cybersecurity
- DoD employees and contractors or service providers
- Government personnel working in the cybersecurity area
- Authorizing official representatives, chief information officers, senior information assurance officers, information system owners or certifying authorities
- Employees of federal agencies and the intelligence community
- Assessors, assessment team members, auditors, inspectors or program managers in the information technology area
- Any individual looking for information assurance implementation for a company based on recent policies
- Information system owners, information owners, business owners, and information system security managers
Upon completion of the introduction to RMF training course, the attendees are able to:
- Understand the risk management framework and risk management and assessment for information technology systems
- Apply cost-effective security controls based on risk and best practices on assessment and analysis
- Understand the RMF/FISMA/NIST processes for authorizing federal IT systems and authorization process
- Explain RMF step by step procedures
- Differentiate the traditional certification and accreditation (C&A) from RMF
- Understand different key roles in RMF with their responsibilities
- Recognize recent publications of NIST and FISMA regarding RMF and select, implement, and assess security controls
- Apply the step by step RMF procedure to real world application, and ways to monitor security controls
- Tackle the problems of RMF in each phase of the procedure
The Introduction to RMF training course consists of the following lessons, which can be revised and tailored to the client’s needs:
Information Security and Risk Management Framework (RMF) Foundation
- Purpose of RMF
- Components of Risk Management
- Importance of Risk Management
- Risk Management for Organizations
- Risk Management for Business processes
- Risk Management for Information System
- Concept of Trust and Trustworthiness in Risk Management
- Organizational Culture
- Key Risk Concepts and their Relationship
- Framing Risks
- Assessing Risk
- Risk Assessment Steps
- Responding to Risk
- Mitigating Risks
- Monitoring the Risk
- Risk Management Process Tasks
- Risk Response Strategies
- Office of Management and Budget (OMB) Laws
- National Institute of Standards and Technology (NIST) Publications
- Committee on National Security Systems (CNSS)
- Office of the Director of National Intelligence (ODNI)
- Department of Defense (DoD)
- Privacy Act of 1974 (Updated in 2004)
- Transmittal Memorandum, OMB A-130
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Financial Service Modernization
- OMB M-00-13
- Critical Infrastructure Protection
- Federal Information Security Management Act (FISMA)
- HSPD 7
- Policy on Information Assurance Risk Management for National Security Systems (CNSSP)
- Security Categorization and Control Selection for National Security Systems (CNSSI)
- FISMA Compliance Overview
- FISMA Trickles into the Private Sector
- FISMA Compliance Methodologies
- NIST RMF
- DIACAP
- DoD RMF
- ICD 503 and DCID 6/3
- Understanding the FISMA Compliance Process
- Establishing a FISMA Compliance Program
- Preparing the Hardware and Software Inventory
- Categorizing Data Sensitivity
- Addressing Security Awareness and Training
- Addressing Rules of Behavior
- Developing an Incident Response Plan
- Conducting Privacy Impact Assessment
- Preparing Business Impact Analysis
- Developing the Contingency Plan
- Developing a Configuration Management Plan
- Preparing the System Security Plan
- Performing the Business Risk Assessment
- Security Testing and Security Packaging
- FISMA for Clouds
- Continuous Diagnostics and Mitigation (CDM) Program
- FISMA Metrics
- Federal Government Programs Designed to Combat Growing Threats
- Cybersecurity 2015 Cross Agency Priority (CAP) Goal
- Formalized Process for Proactive Scans of Public Facing Agency Networks
- DHS US-CERT Incident Notification Guidelines
- Information Security Program Oversight Requirements
- Privacy Management Guidance
- Mobile Devices
- Security Incident Reporting
- Protection of Agency Information
- Ongoing Authorization
- Categorizing
- Selection
- Implementation
- Assessing
- Authorizing
- Monitoring
- Initiation
- Development/Acquisition
- Implementation/Assessment
- Operation and Maintenance
- Disposal
- Certification and Accreditation (C&A) Process
- C&A Phases
- Initiation
- Certification
- Accreditation
- Monitoring
- RMF, a High Level View
- Transition and Differences
- Key Roles to Implement the RMF
- Implementation of the RMF in the Intelligence Community
- Implementation of the RMF in DoD
- Implementation of the RMF in the Private Sector
- Future Updates to the RMF Process
- Using the RMF with Other Control Sets
- FedRAMP
- The Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI)
- Other Standards used with RMF