Certified Risk Analyst and the Risk Assessment Framework (CNSS-4016)

IA2 | August 2-5

Information Assurance Associates (IA2) provides comprehensive CNSS-4016 Risk Analysis certification and federal Risk Management Framework (RMF) training for Information System Security Managers (ISSMs), Certification Agents and Security Control Assessors (SCAs). The IA2 Risk Analysis Certification and Risk Management Framework (RMF) curriculum was specifically designed for cybersecurity practitioners who exercise security or Assessment and Authorization (A&A) as well as Program or Acquisition Management control over critical information infrastructures. This course provides four days of intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills, and abilities needed to analyze, assess, control, determine, mitigate and manage risks within computer systems that store, process, display or transmit classified or sensitive information. This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses professional processes and policy requirements established within the federal Risk Management Framework (RMF). Specific focus is directed on identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources within a risk-managed framework. Topical areas include those actions and activities necessary to facilitate risk-centric analysis and assessment requirements as well as RMF actions and activities necessary to ensure that Authorizing Officials (AOs) have the information necessary to make informed, risk-based decisions.
Special attention is directed on analyzing, evaluating, and assessing information system security risks and the procedures necessary to assess the impact and consequence of a realized risk on critical information infrastructures.


Student Requirements

Students should have an advanced understanding, practical knowledge and recent experience in enforcing federal or corporate requirements, applying risk methodologies and facilitating acquisition, program management or system accreditation activities. Students should also have extensive System Administrator, Information System Security Manager (ISSM) or System Certifier/Validator experience, and be very familiar with the risk-relevant responsibilities associated with system Assessment and Authorization (A&A) processes. Completion of CNSS-4012 Senior System Manager and CNSS-4015 System Certifier training is highly recommended but not required.

What Students Should Bring

Students will be provided all course materials and supplies.

What Students Will Be Provided With

• Student Training Manual
• Student Course CD - One Per Student
• CNSS-4016 Risk Analyst Certificate


Jeff Moulton, Norm Beebe, Greg Welch

The IA2 award-winning instructor staff are certified as Fully Qualified Certification Agents and System Validators, Certified Information System Security Professionals (CISSPs), Certified Information Security Managers (CISMs), Certified in Risk and Information Systems Control (CRISC), and Certified in NSA Information System Security Assessment and Evaluation Methodologies (IAM/IEM). Additionally, each instructor is certified as a Master Training Specialist and has a minimum of fifteen years' experience as a functional DOD, national Intelligence Community (IC) or federal Information System Security Manager. For IC applications, IA2 instructor staff members have been certified as NSA Adjunct Faculty and as NSA Accreditation Action Officers (AAOs) and hold a security clearance for access to National Security System data.