By Philip D. Schall, Ph.D., CISSP, RDRP
At IT Dojo, we often have conversations with our students on the topic of taking formal classroom RMF training. In the modern digital landscape, we are able to learn about and complete projects we never thought possible twenty years ago through free online resources. The internet has enabled us to learn so much with a few keystrokes, but as much as I hate to break the news to you, RMF has historically not been a topic that can be learned easily or successfully through self-study via free online resources.
After collecting data over the past three years in my RMF research, the consistent pattern I have seen from respondents are RMF practitioners stressing the importance of receiving formalized RMF classroom training and how much easier it is to complete RMF packages when proper training has been received. This data has been validated with statistical significance in a research study scheduled for publication this summer. Stay tuned!
Some major challenges with self directed RMF education are:
Thousands of pages of NIST guidance and RMF policy being very overwhelming for those new to the RMF process and interpreting government policy. See https://rmf.org/ rmf-publications/ and NIST Special Publications (SP) for examples.
RMF policy and the intricacies of NIST policy can be very confusing. Having someone available to answer your questions and guide you in realtime can save you an enormous amount of time vs. the alternative of Google and Reddit research. Also, the information you may find on online forums may not be the most up to date guidance due to policies being updated and changing regularly.
The most valuable element of IT Dojo’s RMF training is the hands-on consulting experience of our instructors. This real-world experience is invaluable. Unfortunately, RMF policy does not always translate well from the policy wonks to real-world policy application. We understand these nuances and can provide you solutions and assistance from our RMF consulting experiences.
I understand we are all very overwhelmed with work priorities, and we are looking for whatever shortcuts we can find to boost efficiency and productivity, but it has been IT Dojo’s experience that this increased efficiency and productivity can be achieved from an RMF standpoint by committing to a four-day RMF full course. We often see that students who try to self-teach or take shortcuts end up spending months posing questions to our own Dr. RMF and trying to digest hundreds of pages of NIST documentation alone.
I highly encourage any student who may be questioning if RMF training is truly necessary to consider the value RMF live instructor-led training delivered by a seasoned RMF practitioner. IT Dojo also offers former students access to programs such as TrainPlus™ which provides a support lifeline for when former students may find themselves stuck in an RMF predicament. Please allow IT Dojo to educate you and guide you through the RMF journey by attending our flagship four-day RMF full course training program. RMF is who we are!