NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF)

Learn to create a complete Risk Management Framework from scratch with NIST Risk Management Guidelines

4.30 (100 reviews)
Network & Security
NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF)
9.5 hours
Sep 2022
last update
regular price

What you will learn

Deep dive in all 6 Steps of the NIST RMF: Categorize, Select, Implement, Assess, Authorize, Monitor

Learn the Guide for Applying the Risk Management Framework to Federal Information Systems

Master the Guide for Security and Privacy Controls for Federal Information Systems and Organizations

Understand NIST SP 800-37, SP 800-53 and SP 800-53A Standards in Depth

Security Impact Analysis

FIPS 199 and FIPS 200 Standards

4 Step Security Categorization

Selecting Security Controls Baseline

Document the Security Control Implementation in the Security Plan

Prepare the Security Assessment Report

Certification and Accreditation

Practical Applications of the NIST Risk Management Framework

Implementing Information Security Controls and Evaluating the Control Set


The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).

  • Prepare essential activities to prepare the organization to manage security and privacy risks

  • Categorize the system and information processed, stored, and transmitted based on an impact analysis

  • Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)

  • Implement the controls and document how controls are deployed

  • Assess to determine if the controls are in place, operating as intended, and producing the desired results

  • Authorize senior official makes a risk-based decision to authorize the system (to operate)

  • Continuously monitor control implementation and risks to the system

This course will give you comprehensive understanding of the risk management process for all organizations. Therefore, the NIST RMF is also potentially applicable to risk management in all corporate settings. This course is a comprehensive explication of the topic of risk management and it will allow a person to understand the application and uses of the RMF content. The people who would benefit from this knowledge range from managers to all types of technical workers and specialists.

Section 2: Introduction to Organizational Security Risk Management

This section presents an overview of organizational risk management through an exploration of the types of organizational risks that senior leaders must identify, the necessity and benefits of managing those risks, and the information security regulation that senior leaders must consider as they manage risk.

Section 3: Survey of Existing Risk Management Models

This section discuss various models that can be used to implement the NIST RMF. The goal is to provide a comparative assessment of existing models and demonstrate how the NIST framework sets itself apart from other models.

Section 4: Categorize Information and Information Systems

This section begins with a definition of security impact analysis. CNSSI 1253 Security Categorization and Control Selection for National Security Systems and FIPS 199 Standards for Security Categorization of Federal Information and Information Systems are explored, compared, and contrasted as a source of guidelines for organizations to perform the information system categorization process. The major focus of this section centers around understanding the tables available in NIST SP 800- 60, Guide for Mapping Types of Information and Information Systems; the security categories; and utilizing FIPS 199 as a means of implementing the security categorization; and the information classification process of the NIST RMF.

Section 5: Select Security Controls

This section begins with an introduction of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. Further, this guideline is used for establishing security boundaries and the identification of minimum security requirements. This section also provides a discussion related to the contents of the security plan, and continuous monitoring strategy (which are two of the underlying outputs of the control selection process).

Section 6: Implement Security Controls

This section starts with a review of the system development life cycle (SDLC) and explores when activities and tasks associated with security control implementation get performed. Emphasis is placed on the standards development and acquisition processes as a means for providing details related to the development of an organizational information security architecture while at the same time integrating it into the organization’s enterprise architecture.

Section 7: Assess Security Controls

This section begins by using NIST 800-30, Guide for Conducting Risk Assessments, as a directive for a discussion of the process of security risk assessment. You will understand that security risk assessment and security control assessment are not only different processes but also complimentary in nature. The major focus of this section is on how to use NIST SP 800- 53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations—Building Effective Assessment Plans. This includes development of a security control assessment plan. The section will also demonstrate that through security control assessment based on an established plan, you will be able to identify and further disclose security risks that may exist within the organization.

Section 8: Authorize Information Systems

The first major component of this section provides a detailed discussion of the creation and dissemination of the security authorization package that includes: security plan, security assessment report, and plan of action and milestones. This section begins with a discussion of the criteria included and creation of a plan of action and milestones. You will appreciate that the plan provides the strategies for how the organization will correct security weaknesses or deficiencies identified through security control assessment.

Section 9: Monitor Security State

This section emphasizes the strategies associated with the ongoing security control assessments, remediation action strategies, procedures for implementing documentation and plan updates, implementing security status reporting procedures, strategies associated with ongoing risk determination and acceptance, and secure procedures for information system removal and decommission.

Section 10: Practical Application of the NIST RMF

This section provides specific examples of the implementation process for small-, medium-, and large-scale organizational applications. This is in the form of case studies that will be presented as model representations of the practical advantages and pitfalls of implementing the RMF as an end-to-end process. The aim of this final section is to give you a concrete understanding of the real-world issues associated with enterprise risk management, as well as to suggest pragmatic strategies for implementation of the RMF within a range of settings.

You are going the get the ultimate learning experience as every section is followed by practice test and has reading resources uploaded.




NIST Framework Overview

The NIST Framework
NIST Framework Core
Framework Implementation and Profile
Recent NIST Developments

Cybersecurity Risk Planning and Management

Cybersecurity Risk Planning
What is a Cyber Security Risk
Asset Management
Keeping Hardware Inventory Updated
Keeping Software Platform Inventory
Prioritizing Devices, Software and Apps
Personnel Security Requirements
Risk Assessment and Management
Identifying Internal and External Threats
Focus on Highlighted Risk
Plans for Dealing with the Highest Risk
Cybersecurity Risk Planning and Management Test

User and Network Infrastructure Planning and Management

User and Network Infrastructure
Authentication and Access Control
Control List and Remote Access
Network Security Controls
Association and Authentication
Awareness and Training
Data Security
Hardware Integrity
Information Protection
Patch Management
Protective Technology
Cybersecurity Risk Planning and Management

Tools and Techniques for Detecting Cyber Incidents

Tools and Techniques
Detecting Incidents
Anomalies and Events
Monitor Systems
Logging Devices and Log Files
Continuous Monitoring
Detection Process
Tools and Techniques for Detecting Cyber Incidents Test

Developing a Continuity of Operations Plan

Developing a Continuity of Operations Plan
Incident response
Executable Response Plan
Importance of Communications
Incident Analysis
Developing a Continuity of Operations Plan Test

Supply Chain Risk Management

Supply Chain Risk Management
Supply Chain Management Practices
Incorporating the Supply Chain Category
Develop, Assess and Test Supply Chain Risks
Supply Chain Risk Management Test

Bonus Coding Projects: Python Game Store

Using Frameworks in Python
Django Framework
Video Game Store
Environment Set Up
Exploring Our Django Project
Creating Django App
Dependencies and NVM Module
Add Login and Logout
Add Login and Logout Part 2
Creating New Users
Creating New Users: Front-End
Game Data Model: Back-End
Game Data Model: Front-End
Game Data Model: Edit Views
Adding List Game Views
Creating Shopping Cart Model
Creating the Shopping Cart Form
Creating the Shopping Cart View
Adding Items to the Cart
Cart Front-End & Running the Game Store


NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Screenshot_01NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Screenshot_02NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Screenshot_03NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Screenshot_04


December 4, 2022
very well explanation and information but its only theoretical approach and little hard to understand without actual examples


6/22/2022100% OFF
6/28/202295% OFF
7/7/2022100% OFF
7/21/2022100% OFF
8/3/2022100% OFF
8/11/2022100% OFF
8/25/2022100% OFF
9/6/2022100% OFF
9/20/2022100% OFF
10/11/2022100% OFF
10/21/2022100% OFF
11/15/2022100% OFF
12/8/202288% OFF
12/28/2022100% OFF
1/12/2023100% OFF
1/20/2023100% OFF
1/27/2023100% OFF
2/10/2023100% OFF
2/18/2023100% OFF
3/14/2023100% OFF
3/29/2023100% OFF
4/20/2023100% OFF
5/25/2023100% OFF
6/7/2023100% OFF



NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Price chart


NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Ratings chart

Enrollment distribution

NIST Cybersecurity A-Z: NIST Risk Management Framework (RMF) - Distribution chart

Unlimited access to 30 000 Premium SkillShare courses


Sell online with Shopify

3 months for 3 €
udemy ID
course created date
course indexed date
course submited by