Questions about our corporate training may be directed to


(888) 939-4313


Ask about our mobile training capability and training credits—It saves you money!

Risk Management Framework (RMF) for DoD IT Workshop


In 2014, the DoD Chief Information Officer Teri M. Takai said that starting same day, defense and military system will henceforth go through the risk management framework outlined by the National Institute of Standards and Technology (NIST) rather than through the DoD Information Assurance Certification and Accreditation Process (DIACAP). The change is an expected and overdue one that grew in likelihood as the DoD and NIST actively sought over for years through a joint task force common ground in their cybersecurity guidance documents.


The NIST Risk Management Framework is governed by documents known as special publications, including SP 800-37 and SP 800-39 NIST publishes a catalog of security controls known as the SP 800-53 Rev. 4 (soon Rev. 5), to which defense components will now look to when implementing cybersecurity safeguards and mitigation strategies. STS Systems Support, LLC (SSS), although new to the cyber training world has employed facilitators who have trained thousands of students on DITSCAP, DIACAP, NIST SP 800-37, and now the RMF processes so helping their students transition from one process to the other is the next logical step which is what this course does.


Course Description

SSS offers a revised Risk Management Framework for DoD Information Technology (RMF for DoD IT) Workshop. This intense 5-day Cybersecurity based workshop blends lecture, discussion and hands-on exercises to educate students on the new methodology. This workshop will prepare students to implement the Risk Management Framework for their IT systems as prescribed in the updated DoD series of publications, as well as the related NIST and CNSS publications. The workshop compares and contrasts numerous aspects of  the  DoD C&A process (DIACAP), to the current methodology for categorizing information systems, selecting and implementing applicable security controls and establishing a Continuous Monitoring program. This workshop breaks down the methodology (into steps, tasks, outputs and responsible entities) and includes informative lectures, discussions and exercises which provide a functional understanding of Cybersecurity Risk Management, and the proper selection, implementation and validation of the current Security Controls as outlined on the RMF Knowledge Service and complimented by NIST Special Publications. This course includes a Theoretical Military scenario that students utilize to build their Security Plan and POAM as well as learn to transition from the DIACAP 8500.2 control set to the SP 800-53 Rev. 4 (soon Rev. 5) control set. Computers are utilized during the training and a Resource CD will be provided to the students with all publications and templates needed to complete their authorization packages once they get back to their work site.



The Department of Defense (DoD) has adopted and will transition to the current Cybersecurity Risk Management Framework (RMF) methodology as the replacement for DIACAP. The direction for this transformation comes from the latest set of both DoD and the Committee for National Security Systems (CNSS) document replacements for DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, CNSSP 22, and CNSSI 1253. The process is supported and complimented through a suite of standards and guidelines: NIST Special Publication (SP) 800-37, 800-30, 800-39, 800-53, 800-53A, and 800-137.


Duration: 5-days


Cost of Course: $2,500.00 per student (Government Rates, Volume Rates, and Training Credits are available)


Materials Required: Laptops are required as each student will be asked to create documentation and participate in practical exercises that guide the students. Laptops must have Adobe Acrobat Reader (free version), Excel, Word, and a browser. Resource CDs are provided to each student via download and CDs for those attending this course, for in-class work, as well as supplemental materials.


NOTE: All SSS training locations have appropriately configured laptops for each student to use during class.


Course Materials Provided: Students will receive a workbook (to include instructional slides) and a Resource CD (that includes supporting materials and exercises).


Instructor Policy: Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 5pm (local time) on the last day of training.


Locations: We offer this course in San Antonio, TX as well as mobile training at your facility for up to 15 students per course. Contact us at or (888) 939-4313 for details, pricing and availability for mobile training options.


Course Topics

RMF for Dod IT Workshop














 STS Systems Support 1826 N Loop 1604 W, Suite 336A San Antonio, TX 78248

STS Systems Support is a Bristol Bay Native Corporation Company

Phone: (210) 892-3511 Fax: (210) 892-3522

© 2017 STS Systems Support, LLC

 CAGE: 7S2T6 DUNS: 08-0448-7230 Tax ID: 81-4325845