
OnSite

RMF for DoD IT Workshop


SecureInfo is pleased to announce the release of the Risk Management Framework for DoD Information Technology (RMF for DoD IT, or RDIT) Workshop. This intensive cybersecurity workshop blends lecture, discussion, and hands-on exercises to educate students on the new RDIT methodology. It prepares students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications and the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of the current DoD C&A process (DIACAP) with the new methodology for categorizing information systems, selecting and implementing applicable security controls, and establishing a Continuous Monitoring program. It breaks the RDIT methodology down into steps, tasks, outputs, and responsible entities, and includes lectures, discussions, and exercises that provide a functional understanding of cybersecurity, risk management, and the proper selection, implementation, and validation of the new security controls as outlined on the DIACAP Knowledge Service and complemented by NIST Special Publications.

Background

The Department of Defense has adopted, and will transition to, a new cybersecurity Risk Management Framework (RMF) methodology [RDIT] as the replacement for DIACAP. The direction for this transformation comes from the latest set of DoD and Committee on National Security Systems (CNSS) documents that replace DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. RDIT is supported and complemented by a suite of standards and guidelines: National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.

Module 1: Introduction

  • RDIT Terms and Key Concepts for Module 1
  • DoD & RMF Background
  • Purpose and Applicability of DoDD 8500.1, DoDI 8500.2 and 8510.01
  • Purpose and Applicability of CNSSP 22 and CNSSI 1253
  • Purpose and Applicability of NIST SP 800-37, 800-53, 800-39
  • Summary of RDIT Tasks
  • End of Module 1 Exercise

Module 2: RDIT Fundamentals

  • RDIT Terms and Key Concepts for Module 2
  • RDIT Roles and Responsibilities
  • RDIT Process Documentation
  • Integrated Enterprise-Wide Risk Management
  • DoD IS and PIT
  • End of Module 2 Exercise

Module 3: RDIT Extras

  • RDIT Terms and Key Concepts for Module 3
  • Reciprocity of Assessments and Authorizations
  • RDIT Knowledge Service
  • Transitioning (C&A) to Security Authorization
  • End of Module 3 Exercise

Module 4: Working with the Security Controls

  • RDIT Terms and Key Concepts for Module 4
  • NIST SP 800-53, Security Controls
  • NIST SP 800-53A, Assessing Security Controls
  • End of Module 4 Exercise

Module 5: RDIT Process - A Detailed Look

  • RDIT Terms and Key Concepts for Module 5
  • The RDIT Process (In-Depth)
  • Step 1: Categorize Information System
  • Step 2: Select Security Controls
  • Step 3: Implement Security Controls
  • Step 4: Assess Security Controls
  • Step 5: Authorize Information System
  • Step 6: Monitor Security Controls
  • End of Course Exercise

* This Course Syllabus and the RDIT Curriculum are subject to change as more information about the RMF for DoD IT process becomes available and as the referenced documents are finalized and released.

Notice:

SANS Hosted courses are a series of classes presented by other educational providers to complement your training needs outside of our current course offerings.

Course Syllabus

Laptop Required

Laptops are required for this course, as each student will be asked to create documentation and participate in guided practical exercises. The laptop must have Adobe Acrobat Reader, Excel, and Word installed. Resource Kits are provided on CD to students attending the course, for in-class work and as supplemental materials.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Who Should Attend

The curriculum covered in this course is appropriate for all government and contractor personnel who must understand and implement the new RDIT methodology, including, but not limited to, ISSMs, ISSOs, SCAs, PM/SMs, AO Reps, and IG/Auditors.

  • Individuals with information system and security management and oversight responsibilities (e.g., authorizing official representatives, chief information officers, senior information assurance officers, information system owners, or certifying authorities).
  • Individuals with information system and information assurance control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or program managers).
  • Individuals with information assurance implementation and operational responsibilities (e.g., information system owners, information owners/stewards, mission/business owners, information system security managers/officers, security managers, or system administrators).

Course Materials Provided

Students will receive a workbook (including the instructional slides) and a Resource Kit on CD (including all supporting materials and exercises).