Implementing NIST's Risk Management Framework (RMF)

by Bobby Rogers

Challenges in IT today include balancing security, functionality, risk, and compliance, all with limited resources. In this course, you'll learn how the NIST Risk Management Framework can help you do all of this by providing a formal process.

Preview this course

What you'll learn

Managing risk is one of the primary goals of businesses, particularly in the information security program. Risk management provides the vehicle for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective risk management program, considering the organization’s environment, threats, resources, and sensitivity of its data. In this course, Implementing NIST's Risk Management Framework (RMF), you'll gain a solid foundation and knowledge on the risk management aspect of security, as well as, how to employ the RMF to effectively deal with risk and compliance in your organization. First, you'll learn how to categorize systems based upon criticality and impact, select the appropriate security controls, and then implement those controls. Next, you'll also learn how to conduct control and risk assessments. Finally, you'll learn about the system authorization process and how monitoring the effectiveness of controls and ever-changing risk, by performing continued assessments and reauthorization processes, can help you truly manage cyber risk in the organization. By the end of this course, you'll be well-versed in the NIST RMF and how it can help you with both compliance and security.

Course Overview

2mins

Course Overview 2m

Understanding Security, Risk, and Compliance

37mins

Introduction and Compliance, Security, and Risk 2m
Compliance 6m
Security 5m
Risk 5m
Compliance vs. Security 6m
Being Compliant and Secure: Part 1 3m
Being Compliant and Secure: Part 2 4m
The Risk Management Framework 5m
Summary 1m

Using RMF Publications

36mins

NIST Special Publications 4m
Demo: NIST, CSRC, and Publications 5m
RMF Publications 5m
NIST SP 800-39 3m
NIST SP 800-37 2m
NIST SP 800-30 3m
NIST SP 800-53 5m
NIST SP 800-53A 4m
NIST SP 800-60 4m
Summary 1m

Discovering the Cybersecurity Framework

19mins

What Is the CSF? 3m
Understanding the CSF Structure 8m
CSF Tiers and Profiles 4m
Relationship of CSF to RMF 3m
Summary 1m

Understanding the RMF

20mins

Introducing the New RMF 3m
Important RMF Concepts 3m
Risk Tiers 3m
Systems and Authorization 3m
Roles and Responsibilities 5m
Security and Privacy in the RMF 2m
Summary 1m

RMF Preparation

21mins

The Preparation Step 3m
Organization-level Preparation Tasks 6m
System-level Preparation Tasks 9m
RMF Preparation at Globomantics 2m
Summary 1m

Categorizing Information Systems

20mins

Categorize 4m
FIPS 199 3m
NIST SP 800-60 8m
RMF Categorization Tasks 2m
Categorizing Systems at Globomantics 2m
Summary 1m

Selecting Security Controls

20mins

Selecting Security Controls 3m
FIPS-200 3m
NIST SP 800-53 7m
RMF Select Tasks 4m
Control Selection at Globomantics 2m
Summary 1m

Implementing Security Controls

12mins

Implementing Security Controls and Control Fundamentals 5m
Implementing Controls 2m
NIST SP 800-160 2m
RMF Implement Tasks 1m
Implementing Controls at Globomantics 1m
Summary 1m

Assessing Security Controls

22mins

Assessing Security Controls 4m
NIST SP 800-53A 5m
NIST SP 800-30 4m
RMF Assess Tasks 5m
Assessing Systems at Globomantics 3m
Summary 1m

Authorizing Information Systems

9mins

Authorizing Information Systems 3m
Authorization Under NIST SP 800-37r2 1m
RMF Authorize Tasks 3m
Authorizing Systems at Globomantics 1m
Summary 1m

Monitoring Security Controls

13mins

Monitoring Security Controls 2m
NIST SP 800-137 4m
RMF Monitor Tasks 4m
Monitoring Systems at Globomantics 3m
Summary 0m

About the author

Bobby Rogers

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura... more

See more courses by Bobby Rogers

Trending courses

Ready to upskill? Get started

2022 Tech Forecast and
Build Better Blueprint

Prepare for shifts and trends in the industry

Implementing NIST's Risk Management Framework (RMF)

What you'll learn

Table of contents

About the author

Trending courses

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and Build Better Blueprint

Prepare for shifts and trends in the industry

Implementing NIST's Risk Management Framework (RMF)

What you'll learn

Table of contents

About the author

Trending courses

STP and EtherChannel Operation and Configuration

Automating Cisco Meraki Operations Using APIs

TCP and UDP Operation

Automating Cisco DNA Center Operations Using APIs

Earning and Retaining Your PMP® Certification

Cisco Enterprise Networks: Basic Networking and IP Fundamentals

Managing Software in Linux with Debian Software Management

Information Systems Auditor: Operations, Maintenance, and Service

SCCM Current Branch: Deploy and Maintain Operating Systems

SCCM Current Branch: Deploy Clients and Manage Inventory

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and
Build Better Blueprint

Ready to skill up
your entire team?

Ready to skill up
your entire team?