Skip to main content
We are dedicated to providing the most comprehensive RMF training and consulting services to government organizations and their supporting contractors, vendors, and service providers.

BAI RMF Resource Center is the leading information security consulting and training company specializing in Risk Management Framework (RMF).

Our training enables our customers to understand and work through the many intricacies of the RMF process with an overall goal of achieving an Authorization to Operate (ATO) which is mandatory for systems to come online in a government environment.

With over 40 years experience, our team of consultants and trainers are experienced in the nuances of government information security and compliance.

RMF for DoD IT (4 days)

RMF for DoD IT training program is suitable for DoD employees and contractors. This four-day program includes comprehensive coverage on policy background, roles and responsibilities, lifecycle process, security controls/assessment and documentation.  RMF for DoD IT is offered in a one day fundamentals class or the four day full program.

Learn More               REGISTER NOW

RMF for Federal Agencies (4 days)

RMF for Federal Agencies includes a high-level understanding of the RMF for Federal IT life cycle including security authorization (certification and accreditation) along with the RMF documentation package and NIST security controls.  RMF for Federal Agencies is offered in a one day fundamentals class and the four day full program.

Learn More              REGISTER NOW

eMASS eSSENTIALS ™ (1 day)

eMASS eSSENTIALS ™ provides “how to” guidance for The Enterprise Mission Assurance Support Service, or eMASS, a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services supporting RMF in the DoD environment. Training includes the hands-on eMASS eXPERIENCE Simulator™. The eMASS eXPERIENCE Simulator™ was created to provide an authentic eMASS user experience without the consequences of entering incorrect data in a live eMASS system.

*The eMASS eXPERIENCE Simulator™ does not require a DoD Common Access Card (CAC).

Learn More               REGISTER NOW

STIG 101 (1 day)

STIG 101 is designed to answer foundational questions about DISA STIG tools as well as offering BAI’s real-world experience as a provider of RMF consulting services. The training program covers Security Technical Implementation Guide (STIG) Overview, Best Practices, STIG Content, SCAP Compliance Checker(SCC), STIG Viewer, How To STIG, SCAP/STIG Resources.  Training includes a hands-on lab in a virtual environment.

Learn More              REGISTER NOW

RMF Supplement for DCSA Cleared Contractors (1 day)

This one-day course covers the specifics of RMF as it applies to cleared contractor companies under the purview of the Defense Counterintelligence and Security Agency (DCSA). Companies holding a Facility Clearance who also maintain “on premise” information technology (such as standalone computers and small networks) will benefit from this training.

Learn More              REGISTER NOW

RMF in the Cloud (1 day)

RMF in the Cloud is recommended for government employees and contractors working (or planning to work) in the cloud environment. This training program provides students the foundational knowledge to support RMF for government systems being developed for, or migrating to, the cloud environment.

Learn More               REGISTER NOW

Security Control Implementation and Assessment Workshop (4 days)

The Security Control Implementation and Assessment Workshop is a 4 day bundle made up of two separate classes focusing on steps 3 and 4 of the Risk Management Framework (RMF).

Learn More               REGISTER NOW

Continuous Monitoring (ISCM) Fundamentals (1 day)

The program seeks to equip learners with knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation. The program focuses on Information Security Continuous Monitoring (ISCM), which is one of the cornerstones of RMF.

Learn More              REGISTER NOW

DFARS Compliance with CMMC/NIST SP 800-171 Readiness Workshop (3 days)

All DoD contractors and subcontractors with systems that process, transmit or store Controlled Unclassified Information (CUI) must be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. These are specified in the DFARS Interim Rule based on NIST SP 800-171, and separately in the Cybersecurity Maturity Model Certification (CMMC) Level 3.  Both apply controls from NIST SP 800-53, the catalog that forms the basis of the highly rigorous Risk Management Framework (RMF) for DoD Federal internal systems.

You can be confident this class will provide the knowledge and skills you need to meet DFARS.

Learn More               REGISTER NOW

RMF and Supply Chain Security (1 day)

The RMF and Supply Chain Security training program is tailored for government acquisition personnel, contractors, and vendors in the defense industrial base involved in procurement, IT security, compliance, and risk management. This class is for anyone responsible for the protection of sensitive information and intellectual property, including within their organization’s supply chain.

Learn More              REGISTER NOW

Why BAI?

Training Team

Our training team has an average of 20 years experience in information security and an extensive background working with government systems and agencies.


Our long-standing customers, some of whom have been with us since inception, bear testimony to the quality of our training. Our programs have helped clients achieve significant and sustainable improvement in their information security posture, improved stakeholder satisfaction, and continued RMF compliance.

Industry thought leadership

We invest heavily in developing knowledge and tools to ensure our programs deliver real-life success. Our team is continuously updating training materials to reflect current RMF guidance as well as publishing regularly in an effort to forecast the future of RMF.

Experienced Enterprise

BAI has over 40 years of experience working with technology systems and information security.


The details of RMF can be overwhelming, so we provide ongoing support to students as they work through RMF implementation in their environment.

Ready for training?