CCRMP Path 2: NIST RMF Practitioner candidates may follow an accelerated path to earn the CCRMP. These candidates must demonstrate their NIST RMF project experience to a NICyCs CCRMP validator. The CCRMP validator verifies these candidates have demonstrated their NIST RMF project expertise to help clients/employers to manage their cyber risks faced by their information systems by using the NIST RMF methodology.
To earn your CCRMP by following the NIST RMF Practitioner Path, you must:
- Have three years of demonstrated NIST RMF experience.
- Have produced NIST RMF deliverables.
- Pass the NIST RMF Practitioner Interview to validate your NIST RMF experience
CCRMP Resource Library
CCRMP Certificate of Recognition
CCRMP Application
CCRMP Code of Ethics
CCRMP Policies and Procedures
CCRMP Certification Agreement
CCRMP Success Profiles
CCRMP Certification and Membership Fee Waivers
Students following the CCRMP University Path may request the following CCRMP Fee Waivers
- CCRMP certification fee: $495 (waived for 2024-2027 university graduates)
- CCRMP annual membership fee $95 (2024-2027 fee waived for university graduates.)
CCRMP Path 1: The University Path provides CCRMP hands-on experience and preparation for candidates who add to their resumes NIST Risk Management Framework (NIST RMF) project experience.
Employers who hire CCRMPs include:
· Booz Allen Hamilton
· SAIC
· Harris Corp
· Wells Fargo
· U.S. Department of Defense
· GDIT
· SunGard
· US Department of Veterans Affairs
· Vanguard
Cyber jobs held by CCRMPs include:
· Information Systems Security Manager
· Senior Security Analyst
· Security Controls Assessor
· Governance Risk and Compliance Consultant
· Information System Security Engineer
· Cybersecurity Risk Management Project Lead
· Senior Cybersecurity Specialist
· Systems Analyst
· SOC Analyst
To earn the CCRMP these candidates prepare at the University Partner by accomplishing the following:
- Learn how to apply the seven steps of the NIST RMF online
- Perform these seven steps on a virtual information system
- Receive mentoring from an expert cyber practitioner faculty
- Create a portfolio of NIST RMF deliverables including:
- FIPS 199 System Categorization
- System Security Plan (SSP)
- NIST Security Control Selection
- Privacy Threshold Analysis
- Privacy Impact Assessment
- Plan of Action and Milestones (POAM)
- Security Assessment Plan
- Information Systems Continuous Monitoring Plan (ISCM)
- CMMC Security Controls
Following the CCRMP University Path students will:
- Earn the CCRMP badge
- Earn 12 academic credits
To produce their portfolio of NIST RMF projects, candidates satisfactorily complete four online university cybersecurity risk management courses. By completing these courses, candidates will also prepare for domains required by the CC, Cloud+, and CGRC certifications.
The University Path consists of the following online cybersecurity risk management courses and labs.
CCRMP Required Courses: (3 credits/course)
Cybersecurity Compliance Methodologies I
Students review and analyze the concepts and interrelationships underlying cybersecurity compliance methodologies, including the NIST Risk Management Framework (RMF), FedRAMP, NIST 800-171, CMMC, NIST Cyber Security Framework (CSF), and NIST 800-53. Students develop competencies to utilize NIST RMF Step 0 (Prepare) and are introduced to Step 1 (Categorize), as well as FedRAMP Steps 1-2.
Cloud Security Risk Management Methodologies
In a virtual NIST RMF/FedRAMP practicum, focusing on the integrated enterprise/cloud system, students develop the capability to evaluate a test case scenario information system, develop a System Security Plan, and select and/or write appropriate security controls based on NIST RMF (Steps 0-2, Prepare, Select, Implement) and FedRAMP guidelines.
Cybersecurity Risk Management Practicum I
Students are guided to create effective security and governance systems through analysis, negotiation, systematic approaches, and utilization of feedback. They will gain skills to generate robust security reports, construct comprehensive Authorization to Operate (ATO) packages, and develop actionable plans with identified remediation tasks. They will learn to apply critical thinking in problem-solving, especially in risk management, and will be able to enhance processes using research findings effectively. Additionally, they will understand how to design governance structures that align with an organization’s objectives and interpret laws and regulations for effective compliance program implementation. They will also learn to integrate and monitor governance, risk management, and compliance activities effectively, and report their effectiveness to stakeholders. Additionally, they’ll master effective communication and negotiation skills, crucial in professional settings. Students develop competencies to utilize NIST RMF Steps 0-6 (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Students will also prepare for the CGRC Certification.
Cybersecurity Risk Management Practicum II
This course focuses on the integrated enterprise/cloud system where students develop the capability to 1) evaluate system security, 2) analyze system assessment reports to make recommendations for a Plan of Action and milestones, 3) comply with all Authorization to Operate package requirements, and 4) strategically develop ISCM (Information Security Continuous Monitoring). Students develop competencies to utilize NIST RMF Steps 0-6 (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). After this course, successful students will be able to receive the CCRMP Certification.
For University Students Only:
To receive your CCRMP application fee and membership waivers, please complete your CCRMP Application and submit it here by the end of your second of four university courses for the CCRMP.
