Skip to main content

The Pedagogy of RMF Training

“By far one of the best courses I have
taken in a long time. I just finished up a
10-week graduate course on RMF, and I
learned more in this 4-day class from
Linda than I did the entire 10 weeks, best
money I have ever spent!!”
– BAI RMF for DoD IT student testimonial

BAI’s Mission:
To provide exceptional Risk Management Framework (RMF) training by
building student confidence in their abilities to operationally engage in the RMF
process as efficiently and effectively as possible.

The Pedagogy of RMF Training

By Philip D. Schall, Ph.D., CISSP, RDRP

This short article was created to educate potential BAI students on our training pedagogy.

The Case for the Online Personal Classroom™
It is no secret that the educational landscape has changed dramatically within the past few years due to the COVID-19 pandemic. One of the major changes has been a shift from in-person classroom training to online training. At BAI, we firmly believe that there is no substitute for live instructor-led training conducted by seasoned RMF practitioners. In fact, we have been approached many times about the creation of RMF eLearning courses and other asynchronous RMF training modules, but we stand firm in our belief that in order to fulfill our mission in providing the best RMF training available the ideal delivery platform is live and instructor-led. In order to provide the highest training quality, we have no intentions of deviating from this educational delivery approach as we believe it is the most efficient way for our students to gain a strong understanding of RMF and the ability to work the RMF process.

The Case for In-Person Classes
Although online training is the current trend, as Training Director for BAI, I firmly believe that for some learners, in person training conducted in a physical classroom setting is the best delivery method for their RMF education needs. Because of this, BAI continues to offer our flagship RMF for DoD IT & Federal Agencies curriculum in physical locations throughout the US with a current rotation between Pensacola, San Diego, Colorado Springs, Washington D.C., and Huntsville. I completely understand the convenience of training remotely, but I believe that nothing can substitute the experience of sitting in a classroom without distractions and learning the RMF process while establishing a face-to-face connection with your RMF instructor. As a cybersecurity educator, I hope in the coming year we see a swing back to traditional in-person classroom training.

The Case for Intensive Four-Day RMF Training
As the above student testimonial demonstrates, many of our students feel the intensive nature of our four-day RMF for DoD IT & Federal Agencies training curriculum is the most effective approach to being able to work on RMF projects as quickly as possible and maximize return on investment. As a traditional university educator, I believe that some topics are a good fit for a full semester of education or even graduate coursework, but I firmly believe an intensive RMF deep dive is the best way for students to be able return to their office ready to get to work on RMF activities. Our traditional student population consists of students who have likely been tasked with an RMF responsibility or have been made aware of an impending RMF project coming down the pipeline. Not having a full understanding of RMF is very stressful for those with looming deadlines. In our experience, the best way to build the knowledge and confidence needed is in the delivery of intensive full-day RMF training in four consecutive days leveraging group activities and real-world examples of RMF implementation.

The Case for RMF Training
In a research study published by Cyber Security: A Peer-Reviewed Journal I found a direct relationship between the receipt of formalized RMF training and increased RMF efficiency and reduced overall RMF project costs. Taking this data into consideration, I suggest all parties involved in an RMF project attend live instructor-led RMF training taught by expert RMF practitioners. Through my research, I found that when workers are tasked with an RMF project and attempt to self-educate, RMF efficiency decreases and RMF project timelines and costs increase. RMF is a complicated process best taught by those with an active understanding of the intricacies of the hundreds of government documents and policies which compose RMF. Quite simply, there is no substitute for RMF training delivered by an RMF subject matter expert.

Whether RMF training is delivered in our Online Personal Classroom™ or in a physical classroom, our research and student feedback support our belief that BAI delivers an exceptional RMF training experience.


See the full newsletter and explore more articles like this as well as our full course schedule by clicking the link below:

BAI – RMF Newsletter

Connect with us on LinkedIn and get notified when a new newsletter is posted:

BAI Information Security (RMF Resource Center) — LinkedIn

Post Categories: Risk Management FrameworkRMF Training Tags: