Information Systems Security Developer / Systems Development (SYS)
Information Systems Security Manager / Cybersecurity Management (MGT)
Certified Expert RMF Professional (CERP)®
This course equips the student with an overview of the system Authorization and Assessment process (also known as A&A) and the Risk Management Framework (RMF) for DoD IT and National Security Systems (NSS). This course reviews, at an Intensive level, NIST SP 800-37, NIST SP 800-53, Rev 4, DoDI 8510.01, DODI 8500.1, CNSS 1253, and other crucial directives that govern this process. In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS, DoD, and Special Access Program (SAP) requirements to provide a clear knowledge bridge to the revised system authorization processes – for those currently working with A&A or for those who have limited or no A&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for NSS and DoD Systems.
Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.
The fourth day of this Intensive course provides each student with a hands-on experience in using automated vulnerability assessment and other tools used to support the DoD and IC system authorization process. This is taught through lecture, hands-on exercises, and group discussion.