Intermediate

NIST Risk Management Framework (RMF)

The RMF is a process model consisting of seven clearly defined steps, each with specific associated activities. While it is often described sequentially, it is in fact an iterative model:...

Securing information and systems requires careful planning, deep familiarity with security controls, and a solid grasp of risk management principles. Whether you are new to risk management or an experienced practitioner now tasked with applying formal risk management processes to a system, understanding the basic concepts behind the NIST Risk Management Framework (RMF) is essential. This document provides the foundations of the RMF and explains how to use it to secure systems and reduce organizational risk. It covers the purpose and scope of the RMF and FISMA, the RMF process and its supporting publications, the benefits and trade-offs of using the RMF, and the legal and regulatory requirements that surround it. A running case study — a fictional government contractor called Globomantics — is used throughout to ground the concepts in a realistic implementation scenario. Readers should already be familiar with general IT and cybersecurity fundamentals.

This module introduces the RMF: what it is, why it exists, and what it does for an organization. It also covers the benefits and challenges of adopting the RMF, the legal and regulatory backdrop that makes it mandatory for many orga...

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

5 sections
  1. 1 Table of Contents
  2. 2 Module 1: Introduction to the Risk Management Framework
  3. 3 Module 2: Understanding the RMF Process
  4. 4 Module 3: Implementing the RMF in Practice
  5. 5 Summary

More Governance, Risk & Compliance courses

View all 12

Governance, Security and GRC

governance · security · grc · risk · compliance · networking · systems · information · controls · impact · processes · program · regulatory.

Intermediate

Government Facilities: Specialized Engineering

government · facilities · specialized · engineering · governance · risk · compliance · networking · systems · security · controls · physical · assessing · dod · environmental · facility ·...

Intermediate

Information & Cyber Security: GRC and Risk Management

This course walked through a complete, practical approach to performing information and cybersecurity risk assessments across a business lifecycle, using a running cloud-migration case st...

Intermediate

Information Systems Operations and Business Resilience (ISACA CISA)

This domain — information systems operations and business resilience — is worth 26% of the CISA examination when combined with its companion operations-focused course. The business-resili...

Intermediate

Microsoft Security, Compliance and Identity Fundamentals

In IT, compliance is a set of digital security requirements and practices. Following compliance requirements helps ensure that a company's business processes are secure and that sensitive...

Beginner

Protection of Information Assets: Security Event Management (ISACA CISA)

Every technology, process, and policy in an organization must be monitored to confirm that the technology is functioning correctly, that policies remain current, and that procedures repre...

Intermediate

Interested in this course?

Contact us to book it or get a custom training plan for your team.