RMF for Federal Agencies 2.0
Designed specifically for non-DoD federal agencies (DHS, HHS, VA, etc.), this course focuses on the "Civil" application of the Risk Management Framework as mandated by FISMA. It strips away the military-specific terminology and focuses purely on NIST compliance and civil agency requirements.
Who Should Attend?
Civil ISSOs
Security Officers working for DHS, VA, HHS, State Dept, and other federal entities.
Contractors
Private-sector partners needing to obtain and maintain an Authorization to Operate (ATO) for government-facing systems.
Privacy Officers
Personnel responsible for PII/PHI protection and Privacy Impact Assessments (PIA).
Course Syllabus
FISMA & Policy Frameworks
Understanding the legal mandate. We cover the Federal Information Security Modernization Act (FISMA, originally enacted as Title III of the E-Government Act of 2002 and updated in 2014), OMB Circular A-130, and the role of NIST in civil government security.
FIPS 199 Categorization
Unlike DoD and other national security systems, which categorize under CNSSI 1253, civil federal agencies use FIPS 199 (with the information-type catalog in NIST SP 800-60). Learn to categorize information types (e.g., Financial, Health, PII) for confidentiality, integrity, and availability, and apply the high-water mark to determine the system's Low/Moderate/High impact level.
Privacy & Controls
Implementing the Privacy Overlay. How to handle PII (Personally Identifiable Information) and PHI (Protected Health Information) within the System Security Plan (SSP).
The Assessment Lifecycle
Preparing for the independent assessment: developing the Security Assessment Plan (SAP), gathering artifacts, reviewing the resulting Security Assessment Report (SAR), and submitting the authorization package to the Authorizing Official.
Frequently Asked Questions
How is this different from the DoD RMF course?
Does this course cover CSAM?