  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course concentrates on how to validate NIST SP 800-53 Rev 4 security controls and meet FISMA requirements. It includes an overview of the Risk Management Framework (RMF) from NIST SP 800-37, various system types, application scanning, security readiness reviews and vulnerability scanning. The course provides an in-depth explanation of each control identified in NIST SP 800-53 Rev 4, including which method should be used to test it, what evidence should be gathered, and how to test Federal information systems and infrastructure more efficiently and effectively.

The curriculum will prepare the security controls assessor to understand the process for testing the NIST security controls using manual and automated tests to ensure all controls are tested properly.

Learning Objectives

Module 1: Critical Definitions

  • Know critical definitions
  • Identify impact of change on information systems security and the authorization process

Module 2: The Policies

  • Identify tasks in the RMF
  • Identify relevant NIST Special Publications and other policy documents

Module 3: Introducing Risk

  • Identify the elements of the Risk Management Framework (RMF)
  • Know the role of the Risk Executive Function
  • Define Risk Tolerance

Module 4: Roles and Responsibilities

  • Identify participants in the RMF
  • Define the roles and responsibilities associated with the RMF

Module 5: Summary of RMF Tasks

  • Know the six steps of the RMF process
  • Identify tasks for each of the steps

Module 6: Assessment Procedures and Methods

  • Identify the assessment procedures
  • Know assessment methods

Module 7: Planning and Executing the Assessment

  • Know the assessment planning steps
  • Define the assessment plan
  • Define the assessment approach
  • Know the process for executing an assessment
  • Identify testing viewpoints

Module 8: Assessment Procedures

  • Know the assessment procedures for each NIST security control
  • Identify relevant artifacts

Module 9: Understanding Risk

  • Review a Security Assessment Report (SAR) for the training system and implement a risk strategy
  • Determine risk acceptance and justify final decision

Framework Connections