This course is focused on the transition to the new RMF v2.0 that is taking place within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). This course is designed to provide Cybersecurity and Information Security Professionals that are responsible for implementing the unified federal Risk Management Framework (RMF), the knowledge, understanding and practices needed to apply the relevant DoD, NIST and CNSS publications to their work environment. Students will gain an understanding of the Risk Management Framework; associated risk management and assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization. Students will also learn and discuss the RMF seven (7) step process integrated with the System Development Life Cycle to include roles and responsibilities; references; and guidelines. They will complete exercises relevant to executing the RMF - for example, how to prepare for the RMF, categorize an information system, select security controls, and complete various RMF artifacts for system authorization. Students will also learn and discuss the technologies, best practices, and procedures used in the implementing the RMF. Other topics include life cycle activities in the DoD Instruction 8510.01 (RMF for DoD IT), NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements from CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands-on activities, case studies, and individual and team exercises.

This course is focused on the proper assessment methods and procedures for controls defined in NIST SP 800-53 revision 4 and revision 5, as well as CNSSI 1253. This course is designed to provide Cybersecurity and Information Security Professionals that are responsible for the assessment of controls with the knowledge of control assessment methods, technologies, best practices, and techniques for proper assessment and documentation of assessment results in their environment. Students gain an understanding of the 2 new control families defined in NIST SP 800-53 R5 as well as the 18 families defined in SP 800-53 R4 and CNSSI 1253, and an in depth understanding of each control and how to assess each correctly.

ISCM was developed by the US National Institute of Standards and Technology (NIST). NIST provides detailed guidance on implementing a risk management framework. It also provides a detailed and broad control set for federal agencies to adopt— though any organization can adopt the controls as standards. There are lessons to be learned and technology improvements that can be implemented in any industry, such as finance, utilities, health care, and more. A combination of the risk management framework, control set and the continuous monitoring implementation guidance can be used to set up acceptable continuous monitoring plan. In this course students explore new guidance, policy and procedures for implementing a well- developed and thorough strategy for building a continuous monitoring program IAW SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 2), and 800-53 (Rev. 5). Topics include roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication (SP) 800-137.