RMF for DoD and Intelligence Communites Intensity 4 Day

This course equips the student with an overview of the system Authorization and Assessment process (also known as A&A) and the Risk Management Framework (RMF) for DoD IT and National Security Systems (NSS). This course reviews, at an in-depth level, NIST SP 800-37, NIST SP 800-53, Rev 4, DoDI 8510.01, DODI 8500.1, CNSS 1253, and other crucial directives that govern this process.

In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS, DoD, and Special Access Program (SAP) requirements to provide a clear knowledge bridge to the revised system authorization processes - for those currently working with A&A or for those who have limited or no A&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for NSS and DoD Systems.

The fourth day of this Intensity course provides each student with a hands-on experience in using automated vulnerability assessment and other tools used to support the DoD and IC system authorization process. This is taught through lecture, hands-on exercises, and group discussion