RMF for DoD IT Workshop
SecureInfo is pleased to announce the release of the Risk Management Framework for DoD Information Technology (RMF for DoD IT or RDIT) Workshop. This intense Cybersecurity-based workshop blends lecture, discussion, and hands-on exercises to educate students on the new RDIT methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP), to the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. This workshop breaks down the RDIT methodology (into steps, tasks, outputs, and responsible entities) and includes informative lectures, discussions, and exercises which provide a functional understanding of Cybersecurity, Risk Management, and the proper selection, implementation, and validation of the new Security Controls as outlined on the DIACAP Knowledge Service and complimented by NIST Special Publications.
The Department of Defense has adopted and will transition to a new Cybersecurity Risk Management Framework (RMF) methodology [RDIT] as the replacement for DIACAP. The direction for this transformation comes from the latest set of both DoD and Committee for National Security Systems (CNSS) document replacements for DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. The RDIT is supported and complimented through a suite of standards and guidelines: National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.
Module 1: Introduction
- RDIT Terms and Key Concepts for Module 1
- DoD & RMF Background
- Purpose and Applicability of DoDD 8500.1, DoDI 8500.2 and 8510.01
- Purpose and Applicability of CNNSP 22, and CNSSI 1253
- Purpose and Applicability of NIST SP 800-37, 800-53, 800-39
- Summary of RDIT Tasks
- End of Module 1 Exercise
- Module 2: RDIT Fundamentals
RDIT Terms and Key Concepts for Module 2
- RDIT Roles and Responsibilities
- RDIT Process Documentation
- Integrated Enterprise-Wide Risk Management
- DoD IS and PIT
- End of Module 2 Exercise
- Module 3: RDIT Extras
RDIT Terms and Key Concepts for Module 3
- Reciprocity of Assessments and Authorizations
- RDIT Knowledge Service
- Transitioning (C&A) to Security Authorization
- End of Module 3 Exercise
Module 4: Working with the Security Controls
- RDIT Terms and Key Concepts for Module 4
- NIST SP 800-53, Security Controls
- NIST SP 800-53A, Assessing Security Controls
- End of Module 4 Exercise
Module 5: RDIT Process - A Detailed Look
- RDIT Terms and Key Concepts for Module 5
- The RDIT Process (In-Depth)
- Step 1: Categorize Information System
- Step 2: Select Security Controls
- Step 3: Implement Security Controls
- Step 4: Assess Security Controls
- Step 5: Authorize Information System
- Step 6: Monitor Security Controls
- End of Course Exercise
* This Course Syllabus and the RDIT Curriculum are subject to change as more information about the RMF for DoD IT process becomes available and as the referenced documents are finalized and released.
SANS Hosted are a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.
Laptops are required for this course, as each student will be asked to create documentation and participate in practical exercises that guide the students. The laptop must have Adobe Acrobat Reader, Excel, and Word. Resource Kits are provided via CDs for students attending the course, for in-class work, as well as supplemental materials.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Who Should Attend|
The curriculum covered in this course is appropriate for all government and contractor personnel who must understand and implement the new RDIT methodology; including, but not limited to, ISSMs, ISSOs, SCAs, PM/SMs, AO Reps, and IG/Auditors.
|Course Materials Provided|
Students will receive a workbook (to include instructional slides) and Resource Kit via CD (includes all supporting materials and exercises).
*CPE/CMU credits not offered for the SelfStudy delivery method