• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course concentrates on how to validate NIST SP 800-53 Rev 4 security controls and meet FISMA requirements. It includes an overview of the Risk Management Framework (RMF) from NIST SP 800-37, CNSSI 1253, various system types, application scanning, security readiness reviews and vulnerability scanning. The course provides an in-depth explanation of each control identified in NIST SP 800-53 Rev 4, including what method should be used to test it, what evidence should be gathered, and how to test DoD information systems and infrastructure more efficiently and effectively.

The curriculum will prepare the security controls assessor to understand the process for testing the NIST security controls using manual and automated tests to ensure all controls are tested properly.

Learning Objectives

Module 1: Introduction to Cybersecurity

  • Define cybersecurity
  • Know basic cybersecurity terminology
  • Identify the primary cybersecurity threats from cyberwar, cyber terror, and cybercrime
  • Identify specific cybersecurity threats to the Federal government and DoD
  • Apply learned concepts to identify threats in a threat exercise

Module 2: Cybersecurity Laws, Regulations and Standards

  • Know cybersecurity laws
  • Know cybersecurity regulations
  • Know security standards
  • Identify legal challenges to cybersecurity

Module 3: Designing with Cybersecurity in Mind

  • Define defense in depth
  • Identify critical technologies to support cybersecurity defense in depth
  • Know the principles and use of offensive cybersecurity
  • Apply concepts in a defense in depth exercise

Module 4: Managing Cybersecurity

  • Know the components of good cybersecurity management
  • Identify the elements of cybersecurity governance
  • Define critical elements of cybersecurity policy and procedures
  • Know the relationship of cybersecurity and the system development life cycle
  • Identify and list critical cybersecurity metrics
  • Review the requirements for cybersecurity education, training and awareness

Module 5: Special Cybersecurity Topics

  • Know the elements of IT Contingency Planning
  • Identify cybersecurity incidents and the requirements for investigations
  • Define the requirements for privacy and the protection of personal information
  • Know the concepts of cybersecurity ethics
  • Analyze the requirements in a cybersecurity exercise

Framework Connections