< Back to Risk Management Framework

Module 1

Module 2

The Risk Management Framework – Part 2

Invite Friends
Facebook Twitter Google+ LinkedIn Email
Learning should be free
Cybrary's open source learning community and hands on marketplace enables you to earn new skills and collaborate in an engaging and rewarding way. Join the other 1,299,189 IT professionals today to get free access to
  • Unlimited Free and Open Source Cyber Security Learning
  • CEU/CPE Certificates of Completion
  • Innovative Micro-Certifications
  • Over 200 Certification-based Practice Labs and Practice Tests
  • And much more!
Join Cybrary for Free
Already a member?
Login to view this lesson
Description
Virtual Practice Lab
Practice Test
Resources
The Risk Management Framework – Part 2

In this lesson, Subject Matter Expert (SME) Kelly Handerhan discusses NIST Special Publication (SP) 800-37, “Guide for the Security Certification and Accreditation of Federal Information Systems”, that was created as part of NIST’s responsibility under FISMA to develop standards and guidelines for the requirements and process steps for the certification, accreditation, and monitoring of information systems.

Handerhan explains the use and usefulness of other NIST SP documents in the RMF process.

You will learn:

  • the six Risk Management Framework (RMF) phases
  • the role of the Information System Owner
  • when and how to create and update the System Security Plan (SSP)
  • how to develop a Plan of Actions and Milestones (POAM) to document weaknesses and vulnerabilities and to set mitigation milestones
  • how to develop a Minimum Security Baseline (MSB)
  • how to select and implement security control activities
  • documentation requirements and methods
  • contingency planning for federal agency systems’ continuity (“systems” goes beyond just computer systems)
  • how to develop a Business Impact Analysis
  • the three phases of continuity
  • the differences between recovery and reconstitution
  • rules and responsibilities of the incident response team in a contingency environment
  • incident analysis and returning to an operational state
  • understanding and using the “plan, do, check, act” model

THE DISCUSSION OF IMPORTANT RMF DOCUMENTS AND USING THE RMF CONTINUES IN LESSON 2.

 

 

Watch the Course Intro Video
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Hands On Lab
Verified
CompTIA Security+ Virtual Lab
Empower yourself as a security professional by gaining the fundamental knowledge for securing a network and managing risk from your own virtual environment. The CompTIA SY0-401: Security+ Virtual Lab will provide you with a hands- on understanding of critical securi
20 Hours
$79.99
Hands On Lab
Verified
Certified Ethical Hacker (CEH) Virtual Lab
Learn the hacking techniques used by the Internet's most skilled professionals from your own virtual environment. In the Ethical Hacking Virtual Lab, learn to exploit networks in the manner of an attacker in order to discover how to protect the system from them and
20 Hours
$79.99
Practice Test
Verified
Cisco 200-105: Interconnecting Cisco Network Devices Part 2
Evolve your networking skills to fill the role of a core network engineer by learning the ins and outs of real Cisco Routers and Switches. You have passed the ICND1 and are ready to take the Interconnecting Cisco Network Devices Part 2 certification exam. The Cisco
$42.00
Practice Test
Verified
Cisco 200-125: Cisco Certified Network Associate (CCNA)
Evolve your networking skills to fill the role of a core network engineer by learning the ins and outs of real Cisco Routers and Switches. The CCNA Practice Test will prepare you to install, manage, monitor, secure, and troubleshoot basic router and switches.
22 Hours
$42.00
Recommended Study Material
Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.

JOIN CYBRARY

Upcoming Industry Events
Oct
25
Finding a Career in Cybersecurity: Panel on Job Success
Webinar by Talos @ 1 : 00 PM EST
Oct
25
Delivering on the 6 Promises of SD-WAN [NA]
Webinar by Cato Networks @ 1 : 00 PM EST
Oct
25
Live Demo of Cb Defense (Every Wednesday at 2PM EST/11AM PST)
Webinar by Carbon Black, Inc. @ 2 : 00 PM EST
Oct
26
Beyond Prevention: How Enterprises Can Shut Down Attacks in Progress (Thursday, October 26 at 1PM EDT)
Webinar by Carbon Black, Inc. @ 1 : 00 PM EST
Oct
26
Cybersecurity Awareness Month: Update your plan now to protect passwords across the enterprise
Webinar by Thycotic @ 11 : 00 AM EST
Oct
26
Delivering on the 6 Promises of SD-WAN [EMEA]
Webinar by Cato Networks @ 5 : 00 AM EST
Oct
26
Improve Security Visibility with OSSIM Correlation Directives
Webinar by AlienVault @ 12 : 00 PM EST
Nov
02
Threat Hunting for Web Shells
Webinar by Sqrrl @ 2 : 00 PM EST
Nov
07
Tripwire University: Industrial Cybersecurity
Webinar by Tripwire @ 11 : 30 AM EST
View more events

Interested in promoting your company's event?

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel