Course Description

This course focuses on the proper assessment methods and procedures for controls defined in NIST SP 800-53 revision 4 and revision 5, as well as CNSSI 1253. It is designed to give Cybersecurity and Information Security Professionals who are responsible for the assessment of controls knowledge of control assessment methods, technologies, best practices, and techniques for proper assessment and documentation of assessment results in their environment. Students gain an understanding of the 2 new control families defined in NIST SP 800-53 R5 as well as the 18 families defined in SP 800-53 R4 and CNSSI 1253, and an in-depth understanding of each control and how to assess each correctly.

Students gain an understanding of Control Assessment procedures; associated control assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization and approval during development and operations to include Information Security Continuous Monitoring (ISCM) assessments.

Students learn and discuss the control assessment process integrated with the System Development Life Cycle, including roles and responsibilities, references, and guidelines. They complete exercises relevant to completing assessments, for example preparing for the assessment with a properly developed assessment plan, conducting the assessment, and completing control artifacts for system authorization or continuous monitoring. Students will also learn and discuss the technologies, best practices, and procedures used in the control assessment. Other topics include life cycle activities in the DoD Instruction 8510.01 (RMF for DoD IT), NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements to CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands-on activities, case studies, and individual and team exercises.

Course Outline

  • Introduction
  • Assessment principles
  • Control assessment of Federal Information Systems
  • Control assessment vs Penetration Testing
  • Control assessments and the RMF
  • Control assessments and the SDLC
  • Control assessment strategies
  • Control assessment Methods
  • Selecting qualified assessors
  • Foundations of control assessment
  • NIST Controls Overview
    • Management Controls
    • Operational Controls
    • Technical Controls
  • Manual vs automated assessment
  • In depth review of control families and control assessment procedures
    • Access Control
    • Awareness and Training
    • Audit and Accountability
    • Assessment, Authorization, and Monitoring
    • Configuration Management
    • Contingency Planning
    • Identification and Authentication
    • Individual Participation
    • Incident Response
    • Maintenance
    • Media Protection
    • Privacy Authorization
    • Physical and Environmental Protection
    • Planning
    • Program Management
    • Personnel Security
    • Risk Assessment
    • System and Services Acquisition
    • Systems and Communication Protection
    • System and Information Integrity
  • Assessment Documentation
    • Control Assessment Plan
    • Control Assessment Report
  • Control assessment Resources
  • Automated Control Assessment Tools

Prerequisites

Information System and Information Security experience.

Duration

30 Hours | 5 Days or 10 Nights

Section Title: Risk Management Framework (RMF): Security Control Assessor
Type: Instructor-Led
Days: T, Th
Time (Central Time): 5:30PM to 8:30PM
Dates: Feb 21, 2023 to Mar 23, 2023
# of Course Hours: 30.0
Course Fee(s): Rate non-credit $3,990.00

Section Title: Risk Management Framework (RMF): Security Control Assessor
Type: Instructor-Led
Days: T, Th
Time (Central Time): 5:30PM to 8:30PM
Dates: May 23, 2023 to Jun 22, 2023
# of Course Hours: 30.0
Course Fee(s): Rate non-credit $3,990.00

Section Title: Risk Management Framework (RMF): Security Control Assessor
Type: Instructor-Led
Days: T, Th
Time (Central Time): 5:30PM to 8:30PM
Dates: Sep 19, 2023 to Oct 19, 2023
# of Course Hours: 30.0
Course Fee(s): Rate non-credit $3,990.00
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.