RMF for DoD IT + STIG 101

This bundled course gives students an in-depth guide through the NIST Risk Management Framework as used within the DoD, as well as discussion and hands-on activities to develop the skills needed to apply the DISA Security Technical Implementation Guides.

Description

RMF for DoD IT Fundamentals (Day 1) provides an overview of information security and risk management and proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from DoD, the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT “life cycle”, including security authorization (a.k.a. certification and accreditation), along with the RMF documentation package and security controls.

RMF for DoD IT In-Depth (Days 2-4) expands on the fundamentals topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain an in-depth knowledge of the relevant DoD, NIST and CNSS publications along with the practical guidance needed to implement them in the work environment. Each phase of the seven-step RMF life cycle is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 “enhancements”. Individual and group activities are used to reinforce key concepts.

Successfully completing the 4-day RMF training course will help you gain the essential knowledge needed to qualify for the CGRC (Certified GRC Professional) Exam offered by ISC2. 

STIG 101 (Day 5)

This intensive 1-day course offers participants a deep dive into the world of DISA Security Technical Implementation Guides (STIGs) through a hands-on virtual workshop experience. Designed for IT professionals and security practitioners within the Department of Defense (DoD) and beyond, this workshop provides a comprehensive understanding of STIGs and practical skills for implementing them effectively.

Throughout the day, participants will engage in a series of hands-on activities conducted within a virtual machine environment. These activities are carefully crafted to simulate real-world scenarios, allowing participants to gain practical experience in applying STIG requirements to various IT systems and technologies.

Key topics covered in the workshop include:

  • Introduction to DISA Security Technical Implementation Guides (STIGs)
  • Understanding STIG architecture and components
  • Interpreting STIG requirements and controls
  • Implementing STIGs in a virtual machine environment
  • Assessing system compliance and remediating non-compliance issues
  • DoD Provided Tools (STIG Viewer, SCC, and Evaluate-STIG)
  • Best practices for maintaining STIG compliance over time

By the end of the workshop, participants will have acquired the knowledge and skills necessary to confidently implement and maintain DISA STIGs within their organizations. Whether you're a seasoned IT professional or new to the world of STIGs, this workshop offers invaluable hands-on experience to enhance your cybersecurity capabilities and ensure compliance with DoD security standards. Join us for this immersive learning experience and take your STIG implementation skills to the next level!

Course Prerequisites

While no prerequisites are required for enrollment in this course, possessing a foundational comprehension of information security principles and a grasp of compliance and regulatory standards is advantageous. Familiarity with concepts like confidentiality, integrity, availability, risk assessment, and vulnerability management is beneficial. Prior experience in IT or cybersecurity is recommended to enhance your learning experience. 

Hardware requirements: any PC that can run Zoom in the browser or the Zoom app.

Private Group Classes

If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.


Who Should Attend

RMF for DoD IT + STIG 101 is open to all students (government and contractors).

Similar courses

The 4-day Risk Management Framework (RMF) for Department of Defense (DoD) IT class provides comprehensive training on the process of managing risk in IT systems within the DoD framework. On the final day of the course, participants attend an eMASS (Enterprise Mission Assurance Support Service) class, focusing on the use of the centralized information technology (IT) system used by the DoD for managing cybersecurity risk and the accreditation process.


The 4-day RMF (Risk Management Framework) for DoD (Department of Defense) IT class covers essential concepts and practices for managing risks associated with IT systems within the DoD framework. Topics include understanding the RMF process, identifying security controls, assessing system vulnerabilities, and developing strategies for risk mitigation.


Taught by a Navy Qualified Validator, this 5-Day course enables the learner to thoroughly implement and document the necessary security controls in preparation for assessment as well as understand the assessment process in order to be an active participant and ensure the assessment is successful. The fifth day provides an in-depth analysis of STIGs and how the STIGs are incorporated into the implementation and assessment of the security controls.


The 1-day course on DISA Security Technical Implementation Guides (STIGs) offers comprehensive insights into implementing and maintaining security standards across IT systems within the Department of Defense. Participants learn about the purpose and structure of STIGs, understand how to apply STIG requirements to various systems and technologies, and gain practical skills in assessing system compliance.
