NIST Security Controls
Kratos SecureInfo is pleased to offer an intense 5-day Workshop for those personnel who must understand, implement, maintain, address and transition to the new NIST SP 800-53 Rev.4 (FINAL) security controls. It is highly recommended that the student complete the NIST RMF Workshop or have a complete understanding or experience with the new NIST Risk Management Framework (RMF) / Security Authorization Process (SAP). NIST, working with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS), has established a common, FISMA compliant, foundation for information security/assurance across the entire federal government.
The old, system-centric NIST C&A process (NIST SP 800-37) has been revitalized, integrated into NIST’s RMF, and totally transformed into a “near real time risk management” process based on continuous Information System monitoring that fully integrates the new SAP. This workshop builds on and strengthens the student’s NIST RMF/SAP knowledge base.
The blend of lecture and hands-on exercises continues, providing the student with highly detailed information on the NIST SP 800-53, Rev.4 (Jan 14, 2014) and CNSSI 1253 (directed - Mar 27, 2014) security control selection and specification process, and on the guidance and activities necessary to translate the security controls identified in the Information System’s Security Plan into an effective implementation.
The student is also provided with highly detailed information concerning the NIST SP 800-53A, Rev.1 process of assessing the security controls in federal information systems and organizations (including the development of Security Assessment Plans and full coverage of the new “Program Management (PM)” family of security controls).
Module 1: Introduction/Review
• Workshop Introduction / Key Concepts
• The Need to Protect Information and Information Systems
• Purpose and Applicability
• Target Audience
• Relationship To Other Security Control Publications
• Organizational Responsibilities
• Q&A/End of Module 1 Exercise(s)

Module 2: Security Control Fundamentals
• Introduction
• Multitier Risk Management
• Security Control Structure
• Security Control Baselines
• Security Control Designations
• External Service Providers
• Assurance and Trustworthiness
• Revisions and Extensions
• Q&A/End of Module 2 Exercise(s)

Module 3: The Process / Part 1: Selecting / Tailoring Security Controls
• Selecting Security Controls
  - Security Categorization
  - Baseline Selection
• Tailoring Baseline Security Controls
  - Identifying and Designating Common Controls
  - Applying Scoping Considerations
  - Selecting Compensating Security Controls
  - Assigning Security Control Parameter Values
  - Supplementing Security Control Baselines
  - Providing Additional Specification Information for Control Implementation
• Q&A/End of Module 3 Exercise(s)

Module 4: The Process / Part 2: Overlays / Documenting / Systems
• Creating Overlays
• Documenting the Control Selection Process
• New Development and Legacy Systems
• Q&A/End of Module 4 Exercise(s)

Module 5: Implementing the Security Controls (Students will use Modified SP 800-53 Workbook)
• Implementation Tips
• The PM Controls
• The Dash-1 Controls
• The A&A Controls
• The Privacy Controls
• International INFOSEC Standards
• ICS Security Controls - SP 800-82
• The AT Controls
• The CA Controls
• The AC Controls
• NIST SP 800-70

RMF Bonus Module:
• RDIT Purpose & Applicability
• RMF Transition
• DoD RMF Policy
• RMF Responsibilities
• RMF Governance - Overview
• RMF Knowledge Service
• Security Authorization Documentation
• The RMF Steps / Tasks
• Categorize System
• Select Security Controls
• Implement Security Controls
• Assess Security Controls
• Authorize Information System
• Monitor Security Controls
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.