The Risk Management Framework (RMF) provides a disciplined, structured and flexible process for managing security and privacy risk. It includes information security categorization; control selection, implementation and assessment; system and common control authorizations; and continuous monitoring. It includes activities to prepare organizations to execute the framework at appropriate risk management levels. This learning path explains the RMF steps and its processes (aka tasks) which link essential risk management processes at the system level to risk management processes at the organization level. This learning path explains the Risk Management Framework (RMF) and its processes and provides guidance for applying the RMF to information systems and organizations.
Overview
Syllabus
- Legal and regulatory
- This course provides an introduction to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Skills course. In this course, we will teach you how to employ the Risk Management Framework to better manage and reduce cybersecurity risks. In this module, we provide a brief overview, and then detail the involvement of some regulatory organizations in the development and execution of the NIST RMF. We specifically discuss executive orders, NIST, the Office of Management and Budget, the Committee on National Security Systems and more.
- Laws Policies and Regulations
- In this module, we explain some of the laws, policies and regulations which mandate the implementation of the NIST RMF and govern the execution of the NIST RMF. This module discusses the Privacy Act, the Computer Fraud and Abuse Act, the USA PATRIOT Act and more.
- Integrated Organization Wide Risk Management
- In this module, we describe the basic concepts associated with managing information system-related security and privacy risk in organizations. Managing information system-related security and privacy risk is a complex undertaking that requires the involvement of the entire organization. Risk management is a holistic activity that affects every aspect of the organization and cannot be made in isolation. This module discusses risk, the system development life cycle, key roles and more.
- Risk Management Framework Phases
- In this module, we discuss the NIST RMF steps. describes the RMF and provides guidelines for applying it to information systems and organizations. We discuss the RMF structured and flexible process for managing security and privacy risk, as well as RMF activities to prepare organizations to execute the framework at appropriate risk management levels.
- Risk Management Framework Review
- In this module, we review the six RMF steps: Categorize/Identify; Select; Implement; Assess; Authorize; and Monitor and provide an assessment to gauge your understanding of the course. In addition, there is a project in which you will review the categorization process by completing the NIST 800-60v1 categorization worksheet. You will then transfer the information over to the FIPS 199 Categorization Form and look at the six RMF steps.
Taught by
Ross Casanova