
NIST Cybersecurity Professional®
NCSP® 800-37 Awareness Certificate
Build Awareness of the NIST Risk Management Framework (RMF)

Course Description
NIST Special Publication 800‑37, Risk Management Framework (RMF) for Information Systems and Organizations, provides a structured, repeatable process for managing cybersecurity and privacy risk across the system lifecycle. It integrates security, privacy, and risk management activities into organisational governance and decision‑making.
The NCSP® 800‑37 Awareness Certificate is a half‑day, instructor‑led course offering a concise introduction to the purpose, structure, and strategic value of the NIST RMF. Designed for executives, managers, and stakeholders, this course explains how the RMF supports enterprise risk management, system authorisation, and continuous monitoring, without requiring technical or implementation‑level expertise.
Participants gain a high‑level understanding of the RMF steps, key roles, governance requirements, and how RMF aligns with broader NIST guidance and organisational cybersecurity programmes.
What You Will Learn
Participants gain essential awareness‑level knowledge of NIST SP 800‑37. You will learn:
- The purpose, structure, and evolution of the NIST Risk Management Framework.
- How RMF integrates with enterprise risk management and organisational governance.
- The seven RMF steps and their role in managing cybersecurity and privacy risk.
- Key roles and responsibilities within the RMF process.
- How RMF supports system authorisation, continuous monitoring, and resilience.
- How RMF aligns with NIST SP 800‑53, CSF 2.0, and other NIST publications.
Course Agenda
Module 1: Introduction to NIST SP 800‑37 & the Risk Management Framework
- A high‑level overview of the purpose, scope, and evolution of the RMF. Introduces the relationship between RMF, enterprise risk management, and organisational decision‑making.
Module 2: RMF Structure & the Seven RMF Steps
- An awareness‑level introduction to the RMF lifecycle, including Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor. Explains how each step contributes to risk‑based governance and system assurance.
Module 3: Roles, Responsibilities & Organisational Governance
- A concise overview of key RMF roles, including System Owners, Security Officers, and Assessors, and how governance structures support accountability, oversight, and informed risk decisions.
Module 4: RMF in Practice — Integration, Alignment & Continuous Monitoring
- An introduction to how organisations apply RMF in real‑world environments. Covers alignment with NIST SP 800‑53 controls, CSF 2.0, privacy risk management, system authorisation, and ongoing monitoring activities.
Learning Outcomes
Participants will be able to:
- Describe the purpose and structure of the NIST Risk Management Framework.
- Explain the seven RMF steps at an awareness level.
- Recognise key RMF roles and governance responsibilities.
- Understand how RMF supports system authorisation and continuous monitoring.
- Identify how RMF aligns with other NIST guidance and organisational cybersecurity programmes.
- Communicate the strategic value of RMF to stakeholders and teams.
Who Should Attend?
This course is designed for professionals who need a strategic understanding of risk management and system assurance, including:
- Executives & Senior Leaders
- Business & System Owners
- Governance, Risk & Compliance (GRC) Stakeholders
- Programme & Project Managers
- Security & Privacy Managers
- Anyone seeking an introduction to the NIST RMF
Prerequisites
There are no prerequisites for this Awareness‑level course. No technical background is required.
Participants are provided with:
- NIST Cybersecurity Professional® (NCSP®) 800-37 Awareness Certificate courseware including links to further reading and resources.
- NIST Cybersecurity Professional® (NCSP®) 800-37 Awareness Certificate, Certificate of Completion.
- NIST Cybersecurity Professional® (NCSP®) 800-37 Awareness Certificate digital badge.
Enrol Today
This NCSP 800‑37 Awareness course provides students with a high‑level understanding of the NIST Risk Management Framework and its role in managing cybersecurity and privacy risk.

Further Reading
NIST 800-37 Rev 2 - Risk Management Framework for Information Systems and Organizations
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
