Risk Management Framework for DoD
The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) provides a mechanism to inform risk decisions and improve cybersecurity. As the federal government and private industry transition to RMF, a broad understanding of the entire process eases adoption challenges. Informative lectures provide in-depth knowledge concerning threat processes, risk-management concepts, and the roles defined by relevant Department of Defense (DoD), NIST, and Committee on National Security Systems publications. The six-step life cycle process is explored through presentations and hands-on exercises as attendees learn to categorize information systems, select security controls, implement controls, assess controls, authorize information systems, and monitor the security controls.
What You Will Learn
- Risk management framework overview
- Roles and responsibilities
- Tasks of the RMF six-step process
- Security controls
How You Will Benefit
- Understand the six-step risk management framework (RMF).
- Apply DoD and federal guidance to RMF processes.
- Practice performing the RMF steps through hands-on exercises and discussions.
- Explore common vulnerabilities.
- Unpack the NIST 800-53 control families.
- Key definitions
- Policy documents
- Overview of RMF process
ROLES AND RESPONSIBILITIES
- Identify RMF roles
- Understand responsibilities for each role
RMF SIX-STEP PROCESS
- NIST 800-53 control families
- Understanding how controls reduce risk
- Documents used to track controls
Who Should Attend
DoD employees, contractors, program managers, risk professionals, IT managers, and private industry practitioners who wish to understand the Risk Management Framework.