Carter Enterprise Solutions, LLC

Navy Risk Management Process Guide (RPG) v4.0 Boot Camp

Course Duration: 3 Days

Continuing Professional Education (CPE): 32hrs

Audience: The course is specifically designed for Department of Navy (DoN)  Cybersecurity personnel to include Information System Security Engineers (ISSEs); Navy Qualified Validators (NQVs), Information System Security Managers (ISSMs) and Information System Security Officers (ISSOs), etc. The course content applies to execution of the Navy Risk Management Process Guide (RPG). The course strategically aligns with associated RMF cybersecurity roles responsible for the Assessment & Authorization (A&A) paths within USN RMF security authorization package development in eMASS. 

Course Overview

This (3) day course accompanied with an e-book and resource folder provides course participants with a detailed understanding of the Risk Management Framework (RMF) as outlined in the Navy Risk Management Process Guide and the Department of Defense (DOD) Instruction 8510.01. The course is a structured process designed to identify, assess, and mitigate risks associated with information systems and other assets. Through a combination of lectures, case studies, and practical exercises, participants will gain the knowledge and skills necessary to effectively implement RMF within their organizations.

The course describes each step of the Navy’s implementation of RMF, along with an overview of the organization’s Responsible, Accountable, Supporting, and Consulted (RASC) for each step depicted in a RASC chart. We offer students a resource downloadable folder that includes videos, and DoN specific resource materials, SCA templates, guidelines, procedures, and instruction. The curriculum is delivered to students with scenario-based examples and students are taught how to execute steps necessary to be successful in the Department of Navy.

Day 1: Introduction to Risk Management Framework

• Understanding the foundational concepts of risk management
• Overview of the Navy Risk Management Process Guide v4.0 and DOD Instruction 8510.01
• Exploring the objectives and benefits of RMF implementation
• Roles and responsibilities within the RMF process

Day 2: RMF Process Steps and Documentation

Detailed walkthrough of the six RMF process steps:

1. Categorize Information System
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information System
6. Monitor Security Controls

• Understanding the documentation and template requirements at each step of the Navy Risk Management Process Guide (RPG).
• Strategies for effectively implementing security controls & Best Practices.
• Techniques for conducting security control assessments and documenting results.
• Hands-on exercises in categorizing information systems and selecting appropriate security controls

Day 3: Testing Tool, eMASS, POA&Ms and SAR

• Overview of the overall authorization process,  Authorization Package Requirements and DoN approved testing tools.
• Highlight understanding of eMASS, POAMs and SAR best practices.
• Best practices for continuous monitoring and maintaining authorization.
• Practical exercises in conducting security control assessments and preparing authorization packages.
• Overview if Navy Qualified Validator Program

Throughout the course, participants will have the opportunity to engage in discussions with instructors and fellow participants, sharing insights and experiences related to RMF implementation. By the end of the course, participants will have gained the knowledge and confidence to effectively execute the Navy RPG as defined by RMF principles, ensuring the security and resilience of DoN information systems, sites, and assets.