757-216-3656 | Monday–Friday 8:30 AM – 4:30 PM | info@itdojo.com
Training

RMF Training

Expert RMF training to help your team achieve ATO. Courses follow NIST SP 800-37 and are designed for ISSOs, ISSMs, and DoD IT professionals — IT Dojo.

RMF Courses for ISSOs, ISSMs, and DoD IT Professionals

IT Dojo’s RMF training equips federal and DoD personnel to navigate the full Risk Management Framework lifecycle — from system categorization and security control selection through ATO authorization and continuous monitoring following NIST SP 800-37 and DoDI 8510.01. With over 60 years of combined instructor experience in government information security and compliance, our courses are built for ISSOs, ISSMs, security control assessors, system owners, and contractors who need to build and sustain authorization packages. Training is available live online or on-site at your facility.

Building a DoD Security Package - RMF Training

Hands-on training for building a complete DoD security package using the Risk Management Framework.

View Course
eMASS Fundamentals Training

Practical training on using the Enterprise Mission Assurance Support Service (eMASS) for RMF compliance.

View Course
Mastering System Hardening (STIG Training)

Training on applying STIGs to harden systems and meet DoD security configuration requirements.

View Course
Implementing & Assessing Security Controls

A 4-day masterclass combining Security Controls Implementation (Step 3) and Security Controls Assessment (Step 4).

View Course
Continuous Monitoring Training

Training on information security continuous monitoring (ISCM) strategies and implementation.

View Course
RMF Cloud Fundamentals / FedRAMP Training

Applying the Risk Management Framework in cloud environments and understanding FedRAMP requirements.

View Course
Advanced Project Management for RMF

Apply project management best practices to the RMF process - planning, executing, and closing authorization packages.

View Course
RMF Supply Chain Risk Management

Covers Cyber Supply Chain Risk Management (C-SCRM) principles within the RMF context for DoD and federal professionals.

View Course

Frequently Asked Questions

What is the Risk Management Framework (RMF)?

The Risk Management Framework (RMF) is a structured process developed by NIST (SP 800-37) and mandated by DoD and federal civilian agencies for managing cybersecurity risk to information systems. It replaces DIACAP and provides a seven-step lifecycle process covering system categorization, security control selection, implementation, assessment, authorization (ATO), and continuous monitoring. RMF is required for all federal and DoD information systems before they can be authorized to operate.

Who needs RMF training?

RMF training is essential for ISSOs (Information System Security Officers), ISSMs (Information System Security Managers), security control assessors, system owners, authorizing officials, and any DoD or federal IT professional involved in achieving or maintaining an Authorization to Operate (ATO). Contractors supporting federal agencies and DoD programs also commonly require RMF knowledge.

What RMF courses does IT Dojo offer?

IT Dojo offers a comprehensive suite of RMF courses covering the full authorization lifecycle: Building a DoD Security Package (RMF for DoD IT), eMASS Fundamentals, STIG training for system hardening, Implementing and Assessing Security Controls, Continuous Monitoring (ISCM), RMF in the Cloud / FedRAMP, Advanced Project Management for RMF, and RMF Supply Chain Risk Management. Courses are available individually or as a combined program.

Is IT Dojo's RMF training DoD-specific?

IT Dojo's RMF courses are designed with a DoD and federal focus, following NIST SP 800-37, NIST SP 800-53, DoDI 8510.01, and related guidance. The training is directly applicable to professionals working on DoD information systems, IC programs, and federal civilian agency ATO packages. IT Dojo has over 20 years of experience training government and military professionals on RMF and its predecessor, DIACAP.

Is RMF training available online?

Yes. All IT Dojo RMF courses are available as live remote online training. Students attend a live instructor-led class — not a pre-recorded video — and can interact with the instructor and other students in real time. Remote classes are kept small (capped at 16 students) to ensure focused, hands-on instruction.

How does RMF training relate to getting an Authorization to Operate (ATO)?

An ATO is the formal approval for a federal or DoD information system to operate, granted by an Authorizing Official after the system has completed the RMF process. IT Dojo's RMF training teaches the practical skills needed to build a complete security package — including system categorization, control selection and implementation, security assessment, and the documentation required for authorization. The goal is to give your team the knowledge to achieve and sustain an ATO with confidence.

Don't see the course you need?

We can source almost any IT training. Contact us and we'll find a solution for your team.

Contact Us