Risk Management Framework (RMF) Information Security Training Programs


Risk Management Framework (RMF) Resource Center
1-800-RMF-1903 (763-1903)
www.rmf.org

Information Security Training Programs – Risk Management Framework (RMF) training and MORE!
Class schedule through September 2022 – including DCSA RMF training!

RISK MANAGEMENT FRAMEWORK (RMF) TRAINING PROGRAMS

Our flagship offering is a four-day program, comprised of a one-day RMF Fundamentals class followed by a three-day RMF In Depth class.

Risk Management Framework (RMF) for DoD IT Training Program (Four Days)

The RMF for DoD IT training program is suitable for DoD employees and contractors. The full program consists of a one-day RMF for DoD IT Fundamentals class, followed by a three-day RMF for DoD IT In Depth class.

RMF for DoD IT Fundamentals (First Day) provides an overview of information security and risk management and proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT “life cycle”, including security authorization (aka certification and accreditation), along with the RMF documentation package and NIST security controls.

RMF for DoD IT In Depth (Days 2-4) expands on these topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain an in-depth knowledge of the relevant DoD, NIST and CNSS publications along with the practical guidance needed to implement them in the work environment.

Each life cycle activity in the DoD Instruction 8510.01 (RMF for DoD IT) is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 “enhancements”. Class participation exercises and collaboration reinforce key concepts.

Risk Management Framework (RMF) for Federal Agencies Training Program (Four Days)

The RMF for Federal Agencies training program is suitable for federal employees and contractors in non-DoD “civil” agencies and the Intelligence Community. The full program consists of a one-day RMF for Federal Agencies Fundamentals class, followed by a three-day RMF for Federal Agencies In Depth class.

RMF for Federal Agencies Fundamentals (First Day) provides an overview of information security and risk management and proceeds to a high-level view of FISMA regulations, roles, and responsibilities, and NIST RMF process steps, including security authorization (aka certification and accreditation). It also includes an introduction to the NIST RMF documentation package and the NIST security controls.

RMF for Federal Agencies In Depth (Days 2-4) expands on these topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain an in-depth knowledge of the NIST publications along with the practical guidance needed to implement them in his/her environment.

Each activity in the NIST SP 800-37 Risk Management Framework is covered in detail, as is each component of the documentation package. NIST SP 800-53 Security Controls and NIST 800-53a Assessment Procedures are covered in detail, as are CNSSI 1253 “enhancements” applicable to National Security systems and the Intelligence Community. “Class participation” exercises and collaboration reinforce key concepts.

New Course: Risk Management Framework (RMF) for DCSA Cleared Contractors (One Day)

This course is a one-day supplement for RMF as it applies to cleared contractor companies under the purview of the Defense Counterintelligence and Security Agency (DCSA). Prior completion of 4 day RMF for DoD IT is recommended.

Companies holding a Facility Clearance who also maintain “on premise” information technology (such as standalone computers and small networks) will benefit from this training. The primary goal of the RMF for DCSA training program is to provide detailed practical application based RMF training that will help cleared contractors work through RMF requirements towards obtaining an ATO in the most efficient means possible.

INSTRUCTORS ARE AVAILABLE TO DELIVER TRAINING AT YOUR SITE

RMF SUPPLEMENTAL CLASSES

These classes provide specialized training to supplement your RMF for DoD IT or RMF for Federal Agencies training. Classes are offered on a regularly-scheduled basis, using our Online Personal Classroom technology, and can also be provided as an optional “fifth day” for classroom deliveries of RMF training.

eMASS eSSENTIALS Training Program (One-day RMF training supplement)

eMASS eSSENTIALS is a one-day training program that provides practical guidance on the most commonly used eMASS features and functions. eMASS eSSENTIALS also includes a real, hands-on aspect via our eMASS eXPERIENCE simulator. The class is open to all students (both government and contractors) with an interest in eMASS, particularly those who have previously attended RMF for DoD IT training.

STIG 101 Training Program (One-day RMF training supplement)

STIG 101 is designed to answer core questions and provide guidance on the implementation of DISA STIGs. Students will gain a conceptual understanding of DISA STIGs as well as real-world implementation instruction. STIG 101 utilizes BAI’s experience as a provider of RMF consulting services. Topics include: STIG Overview, Best Practices, STIG Content, SCAP Compliance Checker (SCC), STIG Viewer, STIG “How To”, and STIG/SCAP Resources.

Security Controls Assessment Workshop (Two-day RMF training supplement)

Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.

Security Controls Implementation Workshop (Two-day RMF training supplement)

Security Controls Assessment Workshop provides an in-depth look into Step 3 of the Risk Management Framework process Implement Security Controls. Upon completion of the course the student can confidently return to their respective organizations and ensure the highest level of success for the most difficult part of the RMF process.

RMF in the Cloud Training Program (One-day RMF training supplement)

RMF in the Cloud training is designed to answer foundational questions about RMF and cloud migration as well as offering BAI’s real world experience in cloud migration as a provider of RMF consulting services. RMF in the Cloud is a vendor-neutral course utilizing our first-hand consulting experience. RMF in the Cloud topics include cloud preparation, FedRAMP, security control inheritance, common pitfalls and cloud tools.

Information Security Continuous Monitoring (One-day RMF training supplement)

This one-day training program provides an overview of Information Security Continuous Monitoring (ISCM) principles and practices, in accordance with NIST Special Publication (SP) 800-137, guidance from DoD and other federal agencies, and industry best practices. Completion of the full four-day RMF for DoD IT or RMF for Federal Agencies training program is a prerequisite.

OTHER TRAINING PROGRAMS

DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop (Three Days)

All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3. Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems.

Given these common core components, and with BAI’s established leadership as the “go to” training and consulting experts on the Risk Management Framework (RMF), you can be confident that our DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop will provide you with the knowledge and skills you need to meet DFARS. True to our motto of “We ARE RMF!”, the “DFARS Compliance with CMMC/NIST SP 800-171” curriculum has been designed by RMF practitioners who can offer you the industry standard for getting through the process of control implementation and assessment!

- Differentiate CMMC process maturity by associated levels and relevant indicators
- Identify relevant CUI guidance
- Differentiate requirements for CMMC versus NIST SP 800-171
- Develop preliminary plans and associated evidence to support a cybersecurity self-assessment as well as an external assessment
- Follow procedures for the NIST SP 800-171 DoD Assessment Methodology, Version 1.2.1 (required in the new Interim Rule)
- Define components of an action plan and transition roadmap for CMMC or NIST SP 800-171 implementation

Cybersecurity Framework (CSF) Fundamentals (One-day training supplement)

CSF Fundamentals provides a high-level view of CSF. Discussion is centered on identifying the primary drivers (policy and guidance), differentiating amongst the Cybersecurity Framework Core (including functions, categories, subcategories and information references). Students will also learn to identify the various frameworks in the CSF references and describe the Framework profile as it relates to implementation tiers. Additional focus is placed upon the CSF self-assessment process as well as sector specific guidance.

Cybersecurity Framework (CSF) Training (Four Days)

The Cybersecurity Framework (CSF) full program provides a CSF Fundamentals overview and then expands on the central tenet of the Framework, which is effective risk management. In this course, participants will have the opportunity to apply the Cybersecurity Framework Core functions, categories, subcategories and information references, and to select controls among the information references. Training includes an overview of information security and risk management with Cybersecurity Framework policies and relevant publications. The program addresses the CSF life cycle which involves the following steps:

Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a current profile
Step 4: Conduct a risk assessment
Step 5: Create a target profile
Step 6: Determine, analyze and prioritize gaps
Step 7: Implement action plan

Additional attention will be given to key topics such as supply chain risk management (SCRM) and primary CSF related guidance.

PROFESSIONAL CERTIFICATION TRAINING

BAI is now featuring Certified Information Systems Security Professional (CISSP) training and certification exam preparation!

Certified Information Systems Security Professional (CISSP) Training Program (Five Days)

This five-day training program focuses on the eight domains in the ISC2 CISSP Common Body of Knowledge, to wit:

- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security

Practical “how to” guidance and sample questions are provided to enhance the students’ exam readiness.

CISSP training is currently available for delivery to groups of eight or more students, either on-site at your location, or remotely via Online Personal Classroom.

Certified Cloud Security Professional (CCSP) Training Program (Five Days)

This five-day training program focuses on the six domains in the ISC2 CCSP Common Body of Knowledge, to wit:

- Architectural Concepts & Design Requirements
- Cloud Data Security
- Cloud Platform & Infrastructure Security
- Cloud Application Security
- Operations
- Legal & Compliance

Practical “how to” guidance and sample questions are provided to enhance the students’ exam readiness.

CCSP training is currently available for delivery to groups of eight or more students, either on-site at your location, or remotely via Online Personal Classroom.

Certified Authorization Professional (CAP) Prep Training Program (One-day RMF training supplement)

This one-day training program focuses on bridging the gap between BAI’s core RMF four-day curriculum and the CAP exam. Completion of the full RMF for DoD IT Full Program (4 days) is recommended before attending the course. This course is intended as an RMF training supplement and is led by one of the nation’s top IT certification trainers.

TRAINING DELIVERY, CONSULTING SERVICES AND MORE!

To best serve our diverse customer base, BAI training programs are provided on a regularly-scheduled basis in the traditional classroom, and online. We also provide on-site or online training to companies and agencies. Learn about our training delivery methods, consulting services, and more below!

Training Delivery

BAI delivers training programs in three different ways:

- Regularly-Scheduled Classroom Training
- Regularly-Scheduled Online Personal Classroom Training
- Private On-Site or Online Training

Regularly-scheduled Classroom Training

BAI training programs are presented regularly at training locations in Colorado Springs, Dallas/Fort Worth, Huntsville, National Capital Region, Oakland, Pensacola and San Diego. See below for training schedule and pricing. For the most up-to-date schedule, please visit our registration site, https://register.rmf.org.

Regularly-scheduled “Personal Classroom” (Online) Training

BAI’s Online Personal Classroom training combines the best features of web-based training and traditional instructor-led classes.

Using your PC and telephone, you can participate in our live, instructor-led training from the comfort of your home or office. Most of our regularly-scheduled classes are available for “distance learning” through our Personal Classroom technology. To register for Personal Classroom training, please visit https://register.rmf.org.

“On Site” Classroom Training

Our instructors are available to bring the BAI training experience to your site!

If you have a group of potential trainees (normally 8-10 or more) and a suitable “classroom”, we can arrange to present one or more of our courses. On-site training is the most cost-effective way to train your personnel.

Your savings in travel costs alone (compared to sending a group to out-of-town training) will be dramatic. Plus, the larger the group, the more the “per student” discount will be.

On-site training programs can also be customized to meet your organization’s specific needs. Examples of customization are: “accelerated” training programs (e.g., four-day training programs covered in three longer days); addition of organization-specific material; addition of “lab” sessions focusing on specific topics of interest to your organization.

Please contact us at 1-800-RMF-1903 for a custom quote, or to learn more about this exciting, cost-effective program.

Consulting Services

BAI’s consulting services group can provide assistance to DoD and Federal programs, contractors and vendors. Our subject matter experts support all aspects of RMF implementation, security controls and STIG compliance, risk management, and document preparation.

DoD programs can benefit from our expertise in planning, managing and implementing the transition from DIACAP to RMF. BAI consulting services can assist commercial manufacturers and service providers to better prepare their organization, products and services for security authorization as required by Federal or DoD customers.

About Us

BAI is a small business based in Southwest Virginia. BAI has been providing information security, training and consulting services for over four decades. Our customers include numerous Federal and DoD agencies, contractors, vendors and service providers. Since its inception in 2006, our DIACAP, FISMA and RMF training programs have enabled thousands of individuals to better carry out their information security mission.

REGULARLY SCHEDULED TRAINING PROGRAMS (THROUGH 2nd QUARTER, 2022)

Training Program / Training Fee* / Location**

RMF for DoD IT & Federal Agencies – CLASSROOMS & ONLINE PERSONAL CLASSROOMS: Fundamentals (1 day, 750), Full Program (Fundamentals In Depth, 4 days, 1,935), or Bundled Program (Full Program eMASS, 5 days, 2,495) or Online Bundled Program (Full Program STIG 101, 5 days, 2,495) or (Full Program CAP Bootcamp, 5 days, 2,495)
Location: Online Personal Classroom (live instructor-led); Colorado Springs, CO; Pensacola, FL; San Diego, CA

eMASS eSSENTIALS - RMF Supplemental (1 day, 750)
Location: Online Personal Classroom (live instructor-led); Colorado Springs, CO; Pensacola, FL; San Diego, CA

Security Controls Implementation & Assessment Workshop Full Program (4 day, 1,935)
Location: Online Personal Classroom (live instructor-led)

STIG 101 - RMF Supplemental (1 day, 750)
Location: Online Personal Classroom (live instructor-led)

Information Security Continuous Monitoring Fundamentals RMF Supplemental (1 day, 750)
Location: Online Personal Classroom (live instructor-led)

RMF in the Cloud - RMF Supplemental (1 day, 750)
Location: Online Personal Classroom (live instructor-led)

RMF Supplement for DCSA Cleared Contractors (1 day, 750)
Location: Online Personal Classroom (live instructor-led)

NEW IN-PERSON DATES ADDED!

Training Dates: 25-28 APR, 9-12 MAY, 23-26 MAY, 6-9 JUN, 23-26 MAY, 27-30 JUN, 18-21 JUL, 25-28 JUL, 8-11 AUG, 19-22 SEP, 29 AUG - 1 SEP, 19-22 SEP, 26-29 SEP, 25-28 APR, 11-14 JUL, 27-30 JUN, 8-11 AUG, 29 APR, 13 MAY, 27 MAY, 10 JUN, 27 MAY, 1 JUL, 29 JUL, 15 AUG, 2 SEP, 23 SEP, 29 APR, 15 JUL, 1 JUL, 12 AUG, 18-21 APR, 2-5 MAY, 31 MAY - 3 JUN, 13-16 JUN, 18-21 JUL, 1-4 AUG, 22-25 AUG, 12-15 SEP, 22 APR, 6 MAY, 17 JUN, 6 JUL, 22 JUL, 5 AUG, 26 AUG, 6 SEP, 16 SEP, 12 APR, 16 MAY, 7 JUL, 15 AUG, 9 SEP, 17 MAY, 23 JUN, 8 JUL, 16 AUG, 7 SEP, 24 JUN, 23 SEP, 30 SEP

REGULARLY SCHEDULED TRAINING PROGRAMS (THROUGH 2nd QUARTER, 2022, CONTINUED)

DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop (3 day, 1795)
Location: Online Personal Classroom (live instructor-led)

Certified Authorization Professional (CAP) Supplement (1 day, 750)
Location: Online Personal Classroom (live instructor-led)

Training Dates: 21-23 JUN, 18 MAY, 22 JUL, 12 AUG, 8 SEP

For the most up-to-date training schedule, including newly-added dates/locations, and to register for classes, please visit https://register.rmf.org

Payment can be made by Credit Card / Government Purchase Card, SF182, or Purchase Order. For registration by FAX or email, you may also download a Registration Form at www.rmf.org. Volume discounts are available for groups of 5.
