On This Page

Risk Management Framework (CNSS-4016)

Information Assurance Associates (IA2) | July 30-August 2


Information Assurance Associates (IA2) provides comprehensive CNSS-4016 Risk Analysis certification and the federal Risk Management Framework (RMF) training for Information System Security Managers (ISSM's), Certification Agents and Security Control Assessors (SCA's). The IA2 Risk Analysis Certification and Risk Management Framework (RMF) curriculum was specifically designed for cybersecurity practitioners that exercise security or Assessment and Authorization (A&A) as well as Program or Acquisition Management control over critical information infrastructures. This course provides four days of intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills, and abilities needed to analyze, assess, control, determine, mitigate and manage risks within computer systems that store, process, display or transmit classified or sensitive information. This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses professional processes and policy requirements established within the federal Risk Management Framework (RMF). Specific focus is directed on identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources within a risk managed framework. Topical areas include those actions and activities necessary to facilitate risk centric analysis and assessment requirements as well as RMF actions and activities necessary to ensure that Authorizing Officials (AO's) have the information necessary to make informed, risk-based decisions. Special attention is directed on analyzing, evaluating, and assessing information system security risks and the procedures necessary to assess the impact and consequence of a realized risk on critical information infrastructures.

Who Should Take this Course

CIO's, CISO's, Information Security Specialists, Risk Management Professionals

Student Requirements

Students should have an advanced understanding, practical knowledge and recent experience in enforcing federal or corporate requirements, applying risk methodologies and facilitating acquisition, program management or system accreditation activities. Students should also have extensive System Administrator, Information System Security Manager (ISSM) or System Certifier/Validator experience, and be very familiar with the risk relevant responsibilities associated with system Assessment and Authorization (A&A) processed. Completion of CNSS-4012 Senior System Manager and CNSS-4015 System Certifier training is highly recommended but not required.

What Students Should Bring

Students will be provided all course materials and supplies.

What Students Will Be Provided With

  • Student Training Manual
  • Student Course CD - One Per Student
  • CNSS-4016 Risk Analyst Certificate


Mr. Jeff Moulton is the Director of Transformation Technologies and Cyber Research Center at Louisiana State University (LSU). He provides strategic direction and leadership and is responsible for focusing research, business development, building technical teams, and coordinating information operations across the university and institute. Mr. Moulton has in-depth experience within the intelligence communities assessing and defining corporate-level and globally deployable network security solutions. Mr. Moulton actively participates in numerous National and International Cyber Forums. Most noteabley he has been appointed to the ODNI/NSA Computational Cyber Security in Compromised Environments (C3E); the Secretary of the Air Force's Cyber Vision 2025 (CV2025) Committee; the AFCEA International Cyber Committee, and the IEEE Homeland Security Technologies (Cyber Panel) Committee. His technical certifications include: Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2), Project Management Professional (PMP), Project Management Institute, National Security Agency (NSA) Information Assurance Manager (IAM), National Security Agency (NSA) INFOSEC Evaluation Methodology (IEM), Open Source Professional Security Analyst (OPSA), and Malware Forensics Investigator (MFI), Wetsone. Prior to LSU, Mr. Jeff Moulton served as the Director of Program Development and Information Operations for Georgia Tech Research Insistute (GTRI). At GTRI, Mr Moulton established GTRI's first cyber lab, recruited and hired the technical team, and grew GTRI's newest laboratory into the largest of GTRI's eight labs. Before joining GTRI, Mr. Moulton served as the Information Assurance Assistant Program Manager at the Naval Surface Warfare Center. In this role he established an Information Assurance (IA) Division for the Deployable Joint Command and Control (DJC2) Joint Program Office. He provided leadership and direction for all information assurance facets of the $566M Joint Program of Record and managed the many facets of a major DoD acquisition program. He recruited and built the first joint integrated IA team across government and military service branches, with members from DIA, NSA, SPAWAR, NETWARCOM, OSD NII, JITC, USJFCOM, USPACOM, USEUCOM, USSOUTHCOM, and other Department of Defense (DoD) IA stakeholders. Mr. Moulton authored the DJC2 IA Strategy, Technology Readiness Assessments, Analysis of Alternatives, and other DoD acquisition documents required by public law. Mr. Moulton continues to represent the DJC2 Joint Program Office as the IA subject matter expert with DoD intelligence agencies. In addition, Mr. Moulton serves on the Department of the Navy Network Warfare Command (NETWARCOM) IA Working Group. Prior to his position with the U.S.Navy, Mr. Moulton served as the Executive Director, Integrated Solutions Division (ISD) at Concurrent Technologies Corporation (CTC), a 501(c)3 non-profit research and development company. He was responsible for contract performance, business development, human resources, financial performance, and organizational development for the ISD. This included operational responsibility for over 350 employees, 8 major offices and multiple operating locations. Focus areas included: communications/network engineering, software/systems engineering, visualization, battlefield situational awareness, advanced technology prototyping, C4ISR systems, information assurance, logistics decision support systems, supply chain integration, and general information technology (IT) development. Preceding his assignment at ISD, Mr. Moulton served as the Director, Information Assurance Programs at CTC where he provided overall leadership on multiple multi-million dollar programs and directed the organization's personnel. His programs ranged from improving network security and developing unique solution sets for advanced network security problems utilized throughout the Department of Defense, to designing high-speed systems and modeling and simulating these network architectures. Mr. Moulton established the National Attack Sensing, Warning and Response (ASW&R) Laboratory. This National asset is currently hosted and operated by the National Security Agency (NSA). Mr. Moulton served a twenty-four year career with the United States Air Force. He held a diverse set of technical and leadership positions across the globe, including Communications and Information Functional Manager for Air Force Special Operations Command, Hurlburt Air Force Base.