NIST Risk Management Framework Training

Workshop Purpose:

Provide an overview of the NIST Risk Management Framework (RMF) for managing information security risk in organizations and systems, understand the publications that support the process, and describe how to integrate information security into an organization’s mission and business processes.  

This 2-day course includes:

  • An overview of an organization-wide risk management programme;
  • The steps in the RMF;
  • Key roles in implementing the RMF;
  • NIST publications related to each step; and
  • Conducting a mock risk assessment, developing a mock system security plan and security assessment report.

After completing this course, participants will be able to:

  • Explain the importance of establishing an organization-wide risk management programme;
  • Describe the purpose of the RMF as an organization-wide risk management methodology and how use of the RMF facilitates an atmosphere of trust among organizations;
  • Understand the considerations related to each step in the RMF, including relevant NIST publications; and
  • Implement the RMF and develop key RMF artifacts of the process.


Department of Workforce Development, Parliament Street, Hamilton


Victoria Yan Pillitteri, NIST 

Register at:   (you will be asked for your online payment confirmation number)

Workshop Agenda:

Day One – Overview of RMF Publications
Morning – 9:00 a.m.

  • NIST Special Publication (SP) 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
  • NIST SP 800-30, Guide for Conducting Risk Assessments
  • NIST SP 800-37 (part 1), Guide for Applying the Risk Management Framework 

Lunch: 12:00 p.m. – 1:00 p.m.
Afternoon (until ~ 5:00 p.m.)

  • NIST SP 800-37 (part 2)
  • NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

Day Two – Interactive Workshop
Morning – 9:00 a.m.

  • Conduct mock risk assessment
  • Develop mock system security plan

Lunch: 12:00 p.m. – 1:00 p.m.
Afternoon (until ~ 5:00 p.m.)

  • Finish mock system security plan
  • Develop mock security assessment plan
  • Develop mock security assessment report