From the Expert: NIST Risk Management Framework (RMF) Training
January 8, 2026In our From the Expert blog series, we feature leading voices from Capitol Tech's network of thought leaders contributing their fresh insights, groundbreaking ideas, and real-world experience. From innovative research to practical applications, their unique perspectives on today’s most exciting scientific and technological discoveries bring us to the frontiers of discovery and inspire us to imagine the future.
NIST Risk Management Framework (RMF) Training
by Dr. Ron Martin, CPP, CPOI
On August 6, 2025, the National Institute of Standards and Technology (NIST) Computer Security Resource Center modified their RMF Online Introductory Courses. These courses are free and introduce key RMF publications to those responsible for managing or overseeing cybersecurity risk. There are four courses offered: RMF Introductory Course, Security and Privacy Controls Introductory Course, Assessing Security and Privacy Controls Introductory Course, and Control Baselines Introductory Course. These courses provide a high-level overview of important security and privacy risk management concepts based directly on the material in the NIST special publications. Participants do not need to have any prior knowledge about cybersecurity concepts to take these courses.
It will take participants under six hours to complete all four courses. There are three components to each course offering. First, the participant will launch the self-guided online course. Second, the participant can download the slides with notes to complete the courses. And third, the participant can download the certificate of completion. The user self-attests to completing the course; NIST does not track completion. The certificate only identifies that the course material was viewed and does not attest to any qualifications, knowledge, or skill level resulting from the completion of the course. However, organizations can use these courses to provide a foundational understanding of cybersecurity. It is recommended for those in academia to integrate this training into their curricula for more robust, career-applicable coursework.
With the rise in cost of education, offering free professional education is a benefit. Using these courses as a basis for cybersecurity and critical infrastructure education will enhance the awareness of these concepts and serve as a jump-off point for further study.
For more information, visit the NIST Risk Management Framework.
Dr. Ron Martin
Professor of Practice, CPP, CPOI
Dr. Ron Martin is a Professor of Practice at Capitol Technology University, specializing in the functional areas of Critical Infrastructure, Industrial Control System Security, Identity, Credential, and Access Management. Dr. Martin maintains professional relationships with a diverse mix of businesses. He serves on the board of directors for many profit and nonprofit organizations, such as the International Foundation for Protection Officers (IFPO), and the Institute of Electrical and Electronics Engineers (IEEE) P2887 - Zero Trust Security Working Group (ZTSWG) as Vice Chair. He is a voting member of the U.S. Technical Advisory Group to the International Standards Organization (ISO), which works to develop and articulate the U.S. position by ensuring public and private sector stakeholder involvement. He is also a member of the Cloud Security Alliance Zero-Trust/ Software Defined Perimeter Expert’s Working Group and the Security Industry Association Standards Committee. Recently, he has been designated by the U.S. Department of State as a Fulbright Specialist.