Course Content

Module 1: NIST RMF: The Basics

02:54
1.1 Introduction
13:57
1.2 RMF Overview
16:35
1.3 1.2 Creating a Top-Down RMF Approach
14:20
1.4 New Step - Preparation

Module 2: Categorize, Select and Implement

09:39
2.1 Categorize the System (Including HVA's)
08:15
2.2 Selecting Controls
10:28
2.3 Implementing Proper Controls

Module 3: Assess, Authorize and Monitor

10:15
3.1 Assessing the System
10:03
3.2 Lets Get that ATO!
09:28
3.3 Monitoring System, Controls and Changes

Course Description

While managing risk, the RMF framework can also help an organization to select appropriate security controls, to balance security and functionality for a safe and seamless end-user experience. The framework is made up of six steps, system categorization, selection of controls, implementation, assessment, authorization, and monitoring those controls. But the key to each of these steps is the preparation put into each component, which determines the success of the framework. One of the main problems which can occur when trying to implement a security program, are the issues between the Information Technology (IT) and Security teams. Each team has different objectives but must meet in the middle to accommodate user needs, as well as the needs of the business.

RMF does not have to just be for federal organizations, it can be integrated into any information security program, to ensure effective and efficient security practices. Each step will be described in detail, including mention of supplemental documentation, who will be involved at each stage, and how to integrate eachcomponent into a security program. The RMF steps are meant to help streamline the Authorization to Operation, or ATO, process. When implemented correctly, security processes will be aligned to meet functionality and security with the IT and Security teams.

Prerequisites

Individuals who wish to take this course should be team leads in the IT or Security sectors, senior management, or executive management looking to implement, or improve, RMF use in their organizations. Users should already have a basic understanding of the NIST Risk Management Framework before taking this course. Users should also be familiar with the accompanying NIST Special Publication guides, as outlined in the supplemental material section.

Instructed By

Instructor Profile Image
Nikki Robinson
Instructor

Provided By

Cybrary Logo

Certificate of Completion

Certificate Of Completion

Complete this entire course to earn a Executive RMF Certificate of Completion

Verticals