Executive RMF

This course will discuss the NIST Risk Management Framework (RMF) from an executive perspective. Each module will not only address each step in the RMF process, but how this process can be implemented into your organization or business.

Course Content

2.2 Implementing Proper Controls


Module 2: Categorize, Select and Implement
2.1 Selecting Controls


Module 2: Categorize, Select and Implement
2.0 Categorize the System (Including HVA's)


Module 2: Categorize, Select and Implement
1.3 New Step - Preparation


Module 1: NIST RMF: The Basics
1.2 Creating a Top-Down RMF Approach


Module 1: NIST RMF: The Basics
1.1 RMF Overview


Module 1: NIST RMF: The Basics
1.0 Introduction


Module 1: NIST RMF: The Basics
3.2 Monitoring System, Controls and Changes


Module 3: Assess, Authorize and Monitor
3.1 Lets Get that ATO!


Module 3: Assess, Authorize and Monitor
3.0 Assessing the System


Module 3: Assess, Authorize and Monitor
Course Description

While managing risk, the RMF framework can also help an organization to select appropriate security controls, to balance security and functionality for a safe and seamless end-user experience. The framework is made up of six steps, system categorization, selection of controls, implementation, assessment, authorization, and monitoring those controls. But the key to each of these steps is the preparation put into each component, which determines the success of the framework. One of the main problems which can occur when trying to implement a security program, are the issues between the Information Technology (IT) and Security teams. Each team has different objectives but must meet in the middle to accommodate user needs, as well as the needs of the business.

RMF does not have to just be for federal organizations, it can be integrated into any information security program, to ensure effective and efficient security practices. Each step will be described in detail, including mention of supplemental documentation, who will be involved at each stage, and how to integrate eachcomponent into a security program. The RMF steps are meant to help streamline the Authorization to Operation, or ATO, process. When implemented correctly, security processes will be aligned to meet functionality and security with the IT and Security teams.

What is Risk Management? It is defined as the forecasting and evaluation of risks together with the identification of procedures to avoid or minimize their impact. What will I learn? Risk Management best practices, How and why it's essential to identify mission critical systems, and the loss impact of critical systems should failure occur.

The National Institute of Standards and Technology (NIST) established the Risk Management Framework (RMF) as a set of operational and procedural standards or guidelines that a US government agency must follow to ensure the compliance of its data systems.

RMF originally was designed to benefit Department of Defense (DoD) military, civilian, and contractor personnel who are responsible for evaluating information systems under the RMF and certifying to the Government that information systems meet security requirements. Because managing risk is a critical concept for organizations that house sensitive data, entities outside of the public sector have taken notice of the effectiveness of RMF practices.


Individuals who wish to take this course should be team leads in the IT or Security sectors, senior management, or executive management looking to implement, or improve, RMF use in their organizations. Users should already have a basic understanding of the NIST Risk Management Framework before taking this course. Users should also be familiar with the accompanying NIST Special Publication guides, as outlined in the supplemental material section.

This course is part of a Career Path:
CISO Certification, Training & Career Path
Taught by CISOs for CISOs, this Career Path will provide you with a structured curriculum with specialized learning activities that will give you real-world training on how to become a successful CISO in the ever-changing security field. You will learn about corporate cybersecurity management, NIST 800-53 security and privacy controls, business continuity and disaster planning, enterprise security case management, and numerous competencies of the effective CISO.

Instructed by

Nikki Robinson

Dr. Nikki Robinson is a Cybersecurity Engineer, with over 12 years of experience in both IT and Security positions. Her main focus in Cyber is in vulnerability management and assessments, incident response, and investigations / forensics. She has received her Doctorate of Science in Cybersecurity from Capitol Technology University, and holds several certifications in the IT and Security fields (including CEH/CNDA, MCITP, and CCAA). She is also working on several research projects, publications, and teaching opportunities. She is currently serving as a Board member for the FBI Infragard Maryland Chapter and is actively involved in several industry organizations

Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a Executive RMF Certificate of Completion