Prepare for and/or fine-tune your effective involvement in the processes, understand the standards, and create the documents, so you can be successful in meeting the evolving Federal Information Security Management Act (FISMA) metrics.
Our FISMA-experienced instructors will provide an in-depth understanding of the new FISMA processes, including the new DHS FISMA oversight, analysis and support roles, the new Authorization process (Risk Management Framework (RMF)), and the Information Security Continuous Monitoring (ISCM) requirements. They will provide you with strategies for building the key RMF documents and with real-world examples of a System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POAM), and ISCM Plans. Attendees will be provided with a list of current continuous monitoring tools, including the tools evaluated by NIST as Security Content Automation Protocol (SCAP) compliant, on the Defense Approved Product List (APL), and vetted against the SANS Consensus Audit Guidelines (CAG). Additionally, they will be given instructions on how to create their own FISMA Cybersecurity Calendar, which will allow them to manage and plan their FISMA actions in the most effective manner and have the most impact on gaining resources.
This course is your source for all information related to FISMA, conducting a system Authorization, and building your ISCM Plan and Cybersecurity Calendar. The course materials include the following:
• FISMA reference material on CD, including all FISMA-related OMB, DHS and NIST directives, memorandums, standards and report documents, and
• A custom study guide containing all course slides and exercises, FISMA document summaries, and samples of the key RMF documents, including:
— System Security Plan (SSP)
— Security Assessment Report (SAR)
— Plan Of Action and Milestones (POAM)
— Information Security Continuous Monitoring Plans (ISCMP)
— FISMA Cybersecurity Calendar Management Tool
In-depth knowledge of the following:
1. FISMA Process: Annual DHS FISMA Reporting Metrics, CyberScope, CyberStat, and OMB FISMA Report to Congress
2. New Six-Step Risk Management Framework (RMF) FISMA Authorization Process
3. Risk Assessment Methods: Quantitative, Qualitative, and Quasi-Qualitative
4. US Government Information Assurance-Related Policies and Issuances
5. Strategies for building your Information Security Continuous Monitoring Plan and FISMA Cybersecurity Calendar Management Tool
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.