NICE Framework Mapping

Oversight and Governance (OG), Protection and Defense (PD)

Overview

This course is designed to equip Information System Security Officers (ISSOs) with the essential skills and tools necessary to navigate through the Risk Management Framework (RMF) process efficiently. Through a series of structured lessons, participants will learn how to effectively implement each step of the RMF, from defining the authorization boundary to drafting authorization documentation, including Security Plans, Security Assessment Plans, and Plans of Action and Milestones (POA&Ms). The course will also cover continuous monitoring planning to ensure ongoing compliance and risk management.

Prerequisites

● Basic understanding of cybersecurity principles
● Familiarity with the Risk Management Framework (RMF)
● Prior experience in information security or related fields
● Knowledge of NIST Special Publication 800-53 and other relevant NIST publications

Schedule

5 Days

Outline

Lesson 1: RMF Step 0 Exercise(s)

● Identify Organizational RMF Roles and Strategy

Lesson 2: RMF Step 1 Exercise(s)

● Draft Authorization Boundary and External Services

● Draft Categorization/FIPS 199/NIST SP 800-60

Lesson 3: RMF Step 2 Exercise(s)

● Select Applicable Security Controls

Lesson 4: RMF Step 3 Exercise(s)

● Draft Implementation Statements

Lesson 5: RMF Step 4 Exercise(s)

● Draft Security Assessment Plan

● Draft POA&M

Lesson 6: RMF Step 5 Exercise(s)

● Draft Authorization Letter

Lesson 7: RMF Step 6 Exercise(s)

● Draft Continuous Monitoring Plan
