Risk Management Framework Fundamentals

4 Days Online / On-Site DoD, NIST & CNSS

Risk Management Framework Fundamentals starts with an overview of information security and risk management, then moves into a high-level look at how RMF is used across your environments.

This class goes through all seven steps of the RMF process. Discussions focus on RMF policies, roles, and responsibilities, along with key guidance from the DoD, NIST, and CNSS.

The class also walks through the RMF life cycle at a high level, including security authorization (formerly known as certification and accreditation), the core RMF documentation, and the security controls that support the process.

Who Should Attend?

ISSOs & ISSEs

Practitioners who manage RMF packages for Federal or DoD systems.

System Owners

ISOs responsible for the system's risk and compliance status.

Certification Seekers

Professionals preparing for the ISC2 CGRC (formerly CAP) exam.

Course Syllabus Highlights

01

Foundations & Preparation

Information Security Overview, Risk Management Principles, and RMF Step 0 (Prepare).

02

Categorization & Selection

RMF Step 1 & 2. Categorizing the system (CNSSI 1253/FIPS 199) and selecting initial controls.

03

Implementation & Assessment

RMF Step 3 & 4. Implementing controls and conducting the independent assessment (SCA).

04

Authorization & Monitoring

RMF Step 5 & 6. The ATO decision process and setting up Continuous Monitoring (ISCM).

Certification Preparation: CGRC

Certified Governance, Risk and Compliance

This course covers the comprehensive knowledge required for RMF practitioners. After taking this class, most students are prepared to take the ISC2 CGRC exam (formerly known as CAP).

Why CGRC?

The CGRC certification validates your skills in authorizing and maintaining information systems. It is the premier certification for professionals using the Risk Management Framework (RMF).

DoD 8570 IAM Level I

DoD 8570 IAM Level II

Frequently Asked Questions

Is this updated for NIST SP 800-53 Rev 5?

Yes. We teach the latest standards including NIST SP 800-53 Rev 5, NIST SP 800-37 Rev 2, and current DoD instructions.

Does this course include the exam voucher?

No. This course prepares you for the exam, but the CGRC exam must be scheduled and purchased separately through Pearson VUE / ISC2.

Risk Management Framework Training

Select a Session

January 26, 2026

Virtual Instructor-Led $2,500.00

February 02, 2026

In-Person: Pensacola, FL

Residence Inn Pensacola Airport

$2,500.00

February 09, 2026

Virtual Instructor-Led $2,500.00

February 23, 2026

In-Person: Colorado Springs

Odyssey Systems

$2,500.00