This bundled course gives students an in-depth guide through the NIST Risk Management Framework as used within the DoD, along with discussion and hands-on activities to develop the skills needed to apply the DISA Security Technical Implementation Guides.

Description

RMF for DoD IT Fundamentals (Day 1) provides an overview of information security and risk management and proceeds to a high-level view of RMF for DoD IT. Discussion is centered on RMF for DoD IT policies, roles and responsibilities, along with key publications from DoD, the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The class includes high-level discussion of the RMF for DoD IT “life cycle”, including security authorization (a.k.a. certification and accreditation), along with the RMF documentation package and security controls.

RMF for DoD IT In-Depth (Days 2-4) expands on the fundamentals topics at a level of detail that enables practitioners to immediately apply the training to their daily work. Each student will gain an in-depth knowledge of the relevant DoD, NIST and CNSS publications along with the practical guidance needed to implement them in the work environment. Each phase of the seven-step RMF life cycle is covered in detail, as is each component of the corresponding documentation package. NIST Special Publication (SP) 800-53 Security Controls, along with corresponding assessment procedures, are covered in detail, as are CNSS Instruction 1253 “enhancements”. Individual and group activities are used to reinforce key concepts.

Successfully completing the 4-day RMF training course will help you gain the essential knowledge needed to qualify for the CGRC (Certified GRC Professional) Exam offered by ISC2. 

STIG 101 (Day 5)

This intensive 1-day course offers participants a deep dive into the world of DISA Security Technical Implementation Guides (STIGs) through a hands-on virtual workshop experience. Designed for IT professionals and security practitioners within the Department of Defense (DoD) and beyond, this workshop provides a comprehensive understanding of STIGs and practical skills for implementing them effectively.

Throughout the day, participants will engage in a series of hands-on activities conducted within a virtual machine environment. These activities are carefully crafted to simulate real-world scenarios, allowing participants to gain practical experience in applying STIG requirements to various IT systems and technologies.

Key topics covered in the workshop include:

  • Introduction to DISA Security Technical Implementation Guides (STIGs)
  • Understanding STIG architecture and components
  • Interpreting STIG requirements and controls
  • Implementing STIGs in a virtual machine environment
  • Assessing system compliance and remediating non-compliance issues
  • DoD Provided Tools (STIG Viewer, SCC, and Evaluate-STIG)
  • Best practices for maintaining STIG compliance over time

By the end of the workshop, participants will have acquired the knowledge and skills necessary to confidently implement and maintain DISA STIGs within their organizations. Whether you're a seasoned IT professional or new to the world of STIGs, this workshop offers invaluable hands-on experience to enhance your cybersecurity capabilities and ensure compliance with DoD security standards. Join us for this immersive learning experience and take your STIG implementation skills to the next level!

Course Prerequisites

While no prerequisites are required for enrollment in this course, possessing a foundational comprehension of information security principles and a grasp of compliance and regulatory standards is advantageous. Familiarity with concepts like confidentiality, integrity, availability, risk assessment, and vulnerability management is beneficial. Prior experience in IT or cybersecurity is recommended to enhance your learning experience. 

Hardware requirements: any PC that can run Zoom in the browser or the Zoom app.

Private Group Classes

If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.

Please click here to request a quote.

Who Should Attend

RMF for DoD IT + STIG 101 is open to all students (government and contractors).