Day One
- Introductions
- Paradigm Shift from DIACAP to RMF
- Major Challenges of the New Approach (Lessons learned from the first US Army RMF Early Adopters program ATO package)
- Lunch -
- FIPS 199 and CNSS 1253
- ISSO/SCA Perspective on System Categorization and Control Selection
- NIST SP 800-53, 800-53A, and eMASS
- The System Security Plan (SSP)
Day Two
- RMF Assessment Procedures Part 1 – Management Control Families
(Hands-on labs and interactive discussion)
- Lunch -
- RMF Assessment Procedures Part 2 – Operational Control Families
(Hands-on labs and interactive discussion)
Day Three
- RMF Assessment Procedures Part 3 – Operational Control Families (Cont’d)
(Hands-on labs and interactive discussion)
- Lunch -
- RMF Assessment Procedures Part 4 – Technical Control Families
(Hands-on labs and interactive discussion)
Day Four
- RMF Assessment Procedures Part 5 – Technical Control Families (Cont’d)
(Hands-on labs and interactive discussion)
- Lunch -
- RMF Assessment Procedures Part 6 – Technical Control Families (Cont’d)
(Hands-on labs and interactive discussion)
Day Five
- Producing the Security Assessment Report (SAR)
(Hands-on labs and interactive discussion)
- Developing the Risk Assessment Report (RAR)
(Hands-on labs and interactive discussion)
- Lunch -
- Submitting the RMF Authorization package
- Continuous Monitoring and Risk Management
- Final Thoughts and Q&A