NIST & FISMA Focus

Building a Federal Agency Security Package – RMF in Practice

4-Day Program | Civil Agencies | Privacy Overlays

The Program

Designed specifically for non-DoD federal agencies (DHS, HHS, VA, etc.), this course provides students with a comprehensive working knowledge of the Risk Management Framework as mandated by FISMA. We strip away the military-specific terminology and focus purely on NIST compliance and civil agency requirements.

Discussion is centered on RMF policies, roles, and responsibilities, along with key publications including NIST SP 800-37, FIPS 199/200, and OMB Circular A-130.

Program Structure

Part 1: Fundamentals (Day 1)

Foundation

Provides a high-level view of the RMF lifecycle for Civil Agencies, covering the security authorization process and the RMF documentation package.

  • Policy Background (FISMA, OMB)
  • Roles & Responsibilities
  • RMF Lifecycle Overview
  • NIST SP 800-53 Controls

Part 2: In-Depth (Days 2-4)

Implementation

Detailed breakdown of the RMF lifecycle, enabling practitioners to build packages for federal systems. Covers Privacy Overlays and civil agency-specific requirements.

Step 1: Categorize

Categorize the system using FIPS 199, define its boundary, and conduct risk assessments.

Step 2: Select

Select and tailor controls, identify overlays (Privacy), and plan monitoring.

Step 3: Implement

Implement controls, document in the SSP, and utilize automated scanning tools.

Step 4: Assess

Identify the assessment team, prepare the Security Assessment Plan (SAP), and execute.

Step 5: Authorize

Prepare the Authorization Package (SAR, POA&M) for the Authorizing Official.

Step 6: Monitor

Continuous monitoring strategies, ongoing authorization, and system removal.

Who Should Attend?

This program is suitable for Federal employees and contractors supporting Civil Agencies (DHS, VA, HHS, etc.).

  • Full 4-Day Program: Recommended for ISSOs, Contractors, and Practitioners.
  • 1-Day Fundamentals: Suitable for Program Managers needing high-level RMF knowledge.

Delivery Methods

Online Personal Classroom™

Offered on a regularly scheduled basis using our live, instructor-led technology.

Classroom Locations

Available in several classroom locations nationwide.

Federal Security Package Training


Flexible Scheduling

Contact us for the latest class schedule.

Payment Options

We accept SF-182s and GPC.
