Security University Q/CandA RMF is a 40-hour instructor-led training course focused on the NIST SP800-37 Risk Management Framework (RMF) certification and accreditation process. The course covers the seven-step RMF process including categorizing information systems, establishing security control baselines, applying and assessing security controls, authorizing information systems, and monitoring security controls. The training is designed for information security professionals, system administrators, certification officials, and personnel responsible for implementing certification and accreditation processes. It includes interactive workshops, labs, lectures, and a final exam. Students must achieve 95% attendance and complete all labs and quizzes to pass. The curriculum covers DoD system certification and accreditation processes, FISMA compliance, risk assessment methodologies, security categorization per FIPS 199, and the 17 baseline management, operational, and technical policies. The course addresses roles and responsibilities, authorization boundary determination, accreditation decision models, and preparation of certification packages. Prerequisites include understanding of TCP/IP protocols and ideally 1-2 years of IT security or systems experience. Upon completion, students earn 40 CPE credits and 3 CEU credits. The course prepares candidates for the Q/CA credential, which requires a minimum of two years of direct full-time security professional work experience in certification and accreditation.