CCRMP Path 2: NIST RMF Practitioner candidates may follow an accelerated path to earn the CCRMP. These candidates must demonstrate their NIST RMF project experience to a NICyCs CCRMP validator. The CCRMP validator verifies that these candidates have demonstrated the NIST RMF project expertise needed to help clients and employers manage the cyber risks their information systems face by using the NIST RMF methodology.
To earn your CCRMP by following the NIST RMF Practitioner Path, you must:
- Have three years of demonstrated NIST RMF experience.
- Have produced NIST RMF deliverables.
- Pass the NIST RMF Practitioner Interview to validate your NIST RMF experience.
CCRMP Resource Library
CCRMP Certificate of Recognition
CCRMP Code of Ethics
CCRMP Policies and Procedures
CCRMP Certification Agreement
CCRMP Success Profiles
CCRMP Certification and Membership Fee Waivers
ODU students following the CCRMP University Path may request the following CCRMP fee waivers:
- CCRMP certification fee: $1995 (waived for ODU 2022-2023 graduates)
- CCRMP annual membership fee: $175 (2022-2024 fee waived for ODU graduates)
CCRMP Path 1: The University Path provides hands-on CCRMP experience and preparation for candidates adding NIST Risk Management Framework (NIST RMF) project experience to their resumes.
Employers who hire CCRMPs include:
· Booz Allen Hamilton
· Harris Corp
· Wells Fargo
· U.S. Department of Defense
· U.S. Department of Veterans Affairs
Cyber jobs held by CCRMPs include:
· Information Systems Security Manager
· Senior Security Analyst
· Security Controls Assessor
· Governance Risk and Compliance Consultant
· Information System Security Engineer
· Cybersecurity Risk Management Project Lead
· Senior Cybersecurity Specialist
· Systems Analyst
· SOC Analyst
To earn the CCRMP, these candidates prepare at the University Partner by accomplishing the following:
- Learn how to apply the seven steps of the NIST RMF online
- Perform these seven steps on a virtual information system
- Receive mentoring from an expert cyber practitioner faculty
- Create a portfolio of NIST RMF deliverables including:
  - FIPS 199 System Categorization
  - System Security Plan (SSP)
  - NIST Security Control Selection
  - Privacy Threshold Analysis
  - Privacy Impact Assessment
  - Plan of Action and Milestones (POAM)
  - Security Assessment Plan
  - Information Systems Continuous Monitoring Plan (ISCM)
  - CMMC Security Controls
Following the CCRMP University Path, students will:
- Earn an accredited university certificate
- Receive domain coverage instruction for the CISSP, CAP, CISA and CISM certifications
To produce their portfolio of NIST RMF projects, candidates satisfactorily complete six online university cybersecurity risk management courses. By completing these courses, candidates will also earn and prepare for the domains required by the CISSP, CAP, CISA and CISM certifications.
The University Path consists of the following online cybersecurity risk management courses and labs:
CCRMP Required Courses (3 credits/course):
Cybersecurity Compliance Methodologies I.
Students review and analyze the concepts and interrelationships underlying cybersecurity compliance methodologies, including the NIST Risk Management Framework (RMF); Federal Risk and Authorization Management Program (FedRAMP); NIST 800-171; CMMC; NIST Cybersecurity Framework (CSF); and NIST 800-53. Students develop competencies to utilize NIST RMF Steps 1-3/FedRAMP Steps 1-2.
Cybersecurity Compliance Methodologies Lab I.
In a virtual lab system, students execute the NIST RMF Steps 1-3: Categorization, Security Control Selection, and Security Control Assessment; and complete the associated analysis and documentation, as required by NIST/FedRAMP/CMMC.
Cybersecurity Compliance Methodologies II.
Students develop the competencies to utilize NIST RMF Steps 4-6 (Implementation, Authorization and Monitoring)/FedRAMP Steps 3-4. Students analyze how these steps relate to the CMMC accreditation process.
Cybersecurity Compliance Methodologies Lab II.
In a virtual lab system, students execute the NIST RMF Steps 4-6: Implementation, Authorization and Monitoring, and complete the associated analysis and documentation, as required by the NIST/FedRAMP/CMMC frameworks.
Audit and Risk Assessment Methods.
Students review and analyze selected CISA, CISM, and CRISC audit and assessment function domains. Utilizing their domain knowledge, students complete case study audit and assessment tasks.
Compliance Frameworks for the Enterprise.
Students compare and contrast multiple compliance frameworks including ISO 27001, California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and Service Organization Control 2 (SOC 2). They examine selected intersections and redundancies in these frameworks and analyze how to address them in a global context. Their analysis will include examining crosswalks between the NIST RMF and selected frameworks.
For Old Dominion University Cybersecurity Students Only:
To receive your CCRMP application fee and membership waivers, please complete and submit your CCRMP Application here by the end of your second ODU CRM course: