DoD has adopted the Risk Management Framework (RMF) for all Information Technology and Operational Technology networks, components and devices to include Facility-Related Control Systems (FRCS). Most Installation Energy and Water ESTCP projects will be required to follow the RMF and, depending on the objectives of the demonstration, obtain an Authorization To Operate (ATO) on the DoD Information Network (DoDIN). The RMF How To Short Course is geared to help ESTCP Investigators and Project Teams become familiar with the RMF process, understand the requirements and if/how they apply and learn about the available resources. The course reviews control system basics, protocols, how to use the NIST Risk Management Framework and the Cybersecurity of Facility-Related Control Systems Design Guidance, guidance on what tools and methods to use to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event/incident.


Dr. Michael Chipley, The PMC Group      

The Risk Management Framework (RMF) - How To