Course Code: 19293

Risk Management Framework (RMF) DoD/IC Implementation 2022

Class Dates:
3 Days
Class Time:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • Federal Risk Management Framework (RMF) Implementation 2022 focuses on the Risk Management Framework prescribed by NIST Standards. This course is current as of February 2022. It was revised due to NIST producing new and updated publications over the preceding two years, including NIST Special Publication (SP) 800-37, R2; SP-800-53, R5; SP 800-160, versions 1 and 2; and SP 800-171, R1 (among others).
  • Audience
  • Employees of federal, state and local governments; and businesses working with the government.


Course Details

  • RMF, cybersecurity policy regulations, and roles and responsibilities
  • Introduction to RMF
  • Cybersecurity policy regulations and framework
  • RMF roles and responsibilities
  • Risk analysis
  • Risk management
  • Risk assessment and the RMF process
  • The RMF process
  • Step 0—Prepare
  • Step 1—Categorize
  • Step 2—Select
  • Step 3—Implement
  • Step 4—Assess
  • Step 5—Authorize
  • Step 6—Monitor
  • DoD RMF–specific areas
  • Area A: eMASS
  • Area B: DoD’s CYBER.MIL site and resources
  • Area C: Continuous Monitoring and Risk Scoring (CMRS)
  • Area D: RMF Knowledge Service (RMFKS)
  • Area E: Joint SAP Implementation Guide (JSIG) for RMF
  • References
  • A: RMF reference documents
  • B: Acronym reference
  • C: Steps of the RMF—Answers key
  • D: Lab Exercises for RMF Steps