Do you want to understand the National Institute of Standards and Technologies Risk management Framework, also known as the RMF? If so, this is a learning path for you. In this course, we'll teach you how to employ the risk management framework as defined by the National Institute of Standards and Technologies to better manage and reduce cyber security risks. As we push computers to the edge, building a complex world of interconnected information systems and devices, security and privacy risks including supply chain risks, continue to be a large part of the national conversation and topic of great importance. The risk management framework addresses security and privacy risks from two perspectives. In information system perspective where the authorizing official issues and authorization to operate or authorization to use for the system accepting the security and privacy risks to the organization's operations and assets, individuals, other organizations and the nation. And from a common control perspective where authorizing officials issue common control authorization for a specific set of controls that can be inherited by designated organizational systems accepting the security and privacy risks to organizations operations and assets, individuals, other organizations and the nation. Many federal organizations and agencies including private and public sectors are using the NIST risk management framework as a helpful tool in managing cyber risk. My name is Ross Casanova and I've been working on cybersecurity for over 20 years holding certifications in CCSP, CCSK, CISSP, CIRM, Itel foundations 3, SMSP, GAAC, CEEH Security Plus and NSAs IAM. I have helped thousands of students enter the cybersecurity field by preparing them to pass their certification exams. I've developed this learning path to focus on what you need to know and understand to implement the risk management framework within your organization or further your security career. If you're looking to implement the NIST 837 risk management framework within your organization or need to prepare an authorization package and want to understand the requirements and artifacts needed, this is the right course for you. This course is designed to help you understand the National Institute of Standards and Technologies Risk Management Framework and the authorization process. We will help you understand the Federal Information Security Management Act requirements and the NIST processes for authorizing information systems, as well as explain key roles and responsibilities and statutory and regulatory requirements while applying these principles to real world activities and situations. In this course, we discuss legal and regulatory organizations as well as laws, policies and regulations, integrated organizational wide risk management program to include risk management, system development life cycle and the risk management key roles and responsibilities. We'll provide an overview of the risk management phases for security authorization process such as categorization, select, implement, assess, authorize and monitor. We'll also discuss the import and export laws as controls, including the defense federal acquisition regulations, DEFAR and international traffic in Arms regulations ITAR, export administration regulations, EAR and the Washington arrangement. We'll also explain the federal risk and authorization management program, FED BRAM. And we'll end with a summary of the NIST Risk Management Framework and some implementation tip. You can trust me to help you learn everything you need to know. So what are you waiting for, jump into this learning path today, and let's get you started.
