This course focuses on the proper assessment methods and procedures for controls defined in NIST SP 800-53 revision 4 and revision 5, as well as CNSSI 1253. It is designed to give Cybersecurity and Information Security Professionals who are responsible for assessing controls knowledge of the control assessment methods, technologies, best practices, and techniques needed to properly assess controls and document assessment results in their environment. Students gain an understanding of the 2 new control families defined in NIST SP 800-53 R5 as well as the 18 families defined in SP 800-53 R4 and CNSSI 1253, and an in-depth understanding of each control and how to assess each correctly.
Students gain an understanding of Control Assessment procedures; associated control assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization and approval during development and operations to include Information Security Continuous Monitoring (ISCM) assessments.
Students learn and discuss the control assessment process integrated with the System Development Life Cycle, including roles and responsibilities, references, and guidelines. They complete exercises relevant to completing assessments, for example preparing for the assessment with a properly developed assessment plan, conducting the assessment, and completing control artifacts for system authorization or continuous monitoring. Students will also learn and discuss the technologies, best practices, and procedures used in control assessment. Other topics include life cycle activities in DoD Instruction 8510.01 (RMF for DoD IT), NIST Special Publication (SP) 800-53 Security Controls, NIST assessment procedures, and enhancements to CNSS Instruction 1253. Training will include lectures and class discussions, class hands-on activities as well as individual hands-on activities, case studies, and individual and team exercises.
SEC550 is the second course in the Government Cybersecurity RMF Specialist certificate. To complete the certificate, students will also enroll in SEC525 and SEC575.
- Assessment principles
- Control assessment of Federal Information Systems
- Control assessment vs Penetration Testing
- Control assessments and the RMF
- Control assessments and the SDLC
- Control assessment strategies
- Control assessment Methods
- Selecting qualified assessors
- Foundations of control assessment
- NIST Controls Overview
- Management Controls
- Operational Controls
- Technical Controls
- Manual vs automated assessment
- In depth review of control families and control assessment procedures
- Access Control
- Awareness and Training
- Audit and Accountability
- Assessment, Authorization, and Monitoring
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Individual Participation
- Incident Response
- Media Protection
- Privacy Authorization
- Physical and Environmental Protection
- Program Management
- Personnel Security
- Risk Assessment
- System and Services Acquisition
- Systems and Communication Protection
- System and Information Integrity
- Assessment Documentation
- Control Assessment Plan
- Control Assessment Report
- Control assessment Resources
- Automated Control Assessment Tools
Information System and Information Security experience.
30 Hours | 5 Days or 10 Nights
Applies Towards the Following Certificates
- Government RMF Specialist Certificate: 72 Hour Certificate
*Academic Unit eligibility to be determined by the college/university in which you are enrolled in a degree-seeking program.