We are dedicated to providing the most comprehensive RMF training and consulting services to government organizations and their supporting contractors, vendors, and service providers.
  • All BAI classes now available live instructor-led online.
    Coming soon! RMF for DoD IT + eMASS live instructor-led
    Next class October 26 - October 30 in The Online Personal Classroom™.

  • We are uniquely positioned to deliver our training to private groups via Online Personal Classroom™ technology at very economical pricing.  No travel expenses! We bring RMF to you!

  • BAI is the market leader in RMF training. Our RMF trainers are active RMF practitioners. We have helped thousands of military personnel, civilian government employees, and contractor personnel navigate the RMF process.

BAI RMF Resource Center is the leading information security consulting and training company specializing in Risk Management Framework (RMF).

Our training enables our customers to understand and work through the many intricacies of the RMF process with an overall goal of achieving an Authorization to Operate (ATO) which is mandatory for systems to come online in a government environment.

With over 40 years experience, our team of consultants and trainers are experienced in the nuances of government information security and compliance.

RMF for DoD IT (4 days)

RMF for DoD IT training program is suitable for DoD employees and contractors. This four-day program includes comprehensive coverage on policy background, roles and responsibilities, lifecycle process, security controls/assessment and documentation.  RMF for DoD IT is offered in a one day fundamentals class or the four day full program.

Learn More               REGISTER NOW

eMASS eSSENTIALS ™ (1 day)

eMASS eSSENTIALS ™ provides “how to” guidance for The Enterprise Mission Assurance Support Service, or eMASS, a web-based Government off-the-shelf (GOTS) solution that automates a broad range of services supporting RMF in the DoD environment. Training includes a hands-on lab in a virtual environment.

Learn More               REGISTER NOW

STIG 101 (1 day)

STIG 101 is designed to answer foundational questions about DISA STIG tools as well as offering BAI’s real-world experience as a provider of RMF consulting services. The training program covers Security Technical Implementation Guide (STIG) Overview, Best Practices, STIG Content, SCAP Compliance Checker(SCC), STIG Viewer, How To STIG, SCAP/STIG Resources.  Training includes a hands-on lab in a virtual environment.

Learn More              REGISTER NOW

RMF Supplement for DCSA Cleared Contractors (1 day)

This one-day course covers the specifics of RMF as it applies to cleared contractor companies under the purview of the Defense Counterintelligence and Security Agency (DCSA). Companies holding a Facility Clearance who also maintain “on premise” information technology (such as standalone computers and small networks) will benefit from this training.

Learn More              REGISTER NOW

RMF in the Cloud (1 day)

RMF in the Cloud is recommended for government employees and contractors working (or planning to work) in the cloud environment. This training program provides students the foundational knowledge to support RMF for government systems being developed for, or migrating to, the cloud environment.

Learn More               REGISTER NOW

Security Control Assessor (SCA) Workshop (2 days)

Security control assessment is a fundamental step in the RMF process.  The SCA Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems.

Learn More               REGISTER NOW

Continuous Monitoring (ISCM) Fundamentals (1 day)

The program seeks to equip learners with knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation. The program focuses on Information Security Continuous Monitoring (ISCM), which is one of the cornerstones of RMF.

Learn More              REGISTER NOW

CMMC Readiness Workshop (3 days)

The CMMC Readiness Workshop provides extensive CMMC knowledge that will help DoD contractors work through CMMC requirements towards certification in the most efficient means possible while still meeting all requirements of CMMC guidance published by DoD.  CMMC Readiness Workshop is offered in a one day fundamentals class or  the three day full program.

Learn More               REGISTER NOW

RMF for Federal Agencies (4 days)

RMF for Federal Agencies includes a high-level understanding of the RMF for Federal IT life cycle including security authorization (certification and accreditation) along with the RMF documentation package and NIST security controls.  RMF for Federal Agencies is offered in a one day fundamentals class and the four day full program.

Learn More              REGISTER NOW

Cybersecurity Framework (CSF) (4 days)

The Cybersecurity Framework (CSF) training program is suitable for anyone who is interested in learning more about the application of CSF. The course goal is to develop comprehensive knowledge of CSF principles, including the policy drivers, process and key CSF resources.

Learn More              REGISTER NOW

Why BAI?

Training Team

Our training team has an average of 20 years experience in information security and an extensive background working with government systems and agencies.


Our long-standing customers, some of whom have been with us since inception, bear testimony to the quality of our training. Our programs have helped clients achieve significant and sustainable improvement in their information security posture, improved stakeholder satisfaction, and continued RMF compliance.

Industry thought leadership

We invest heavily in developing knowledge and tools to ensure our programs deliver real-life success. Our team is continuously updating training materials to reflect current RMF guidance as well as publishing regularly in an effort to forecast the future of RMF.

Experienced Enterprise

BAI has over 40 years of experience working with technology systems and information security.


The details of RMF can be overwhelming, so we provide ongoing support to students as they work through RMF implementation in their environment.

Ready for training?