NIST RMF Fundamentals

Title: NIST Risk Management Framework (RMF) Fundamentals

• Modalities:

  • Self-Paced Online

  • Live Instructor-Led: By Request

• Duration: 2 days

Overview 

This course is designed to introduces students to the foundational concepts behind the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and NIST Special Publication (SP) 800-37. 

Who Should Attend

• Line of Business Leadership
• Non-Technical Managers
• Technical Managers
• Industry Members (e.g., Manufacturing Extension Program, State-Federal Liaisons)

Course Agenda

• Day 1 (AM):
  • Introductions
  • What is risk management
  • What is RMF
  • Who needs to follow NIST SP 800-37
  • What is the relationship to NIST SP 800-53
  • Relationship to NIST Privacy Framework
• Day 1 (PM):
  • RMF structure overview
    • Prepare
      • Purpose and outcomes
    • Categorize
      •  Purpose and outcomes
    • Select
      • Purpose and outcomes
    • Implement
      • Purpose and outcomes
    • Assess
      • Purpose and outcomes
    • Authorize
      • Purpose and outcomes
    • Monitor
      • Purpose and outcomes
• Day 2 (AM):
  • RMF step details
    • Prepare
      • RMF quick start
    • Categorize
      • Controlled unclassified information (CUI) registry
    • Select
      • NIST SP 800-53 and NIST SP 800-53B control baselines
      • NIST Security and Privacy Control Overlay Repository (SCOR)
• Day 2 (PM):
  • RMF step details
    • Implement
      • Security configuration settings
        • Security content automation protocol (SCAP)
        • US government configuration baseline (USGCB)
    • Assess
      • The Open Security Controls Assessment Language (OSCAL)
    • Authorize
    • Monitor
    • Review
    • Exam