Authorizing and monitoring security controls provides an understanding of security posture and provides an indication as to whether or not cybersecurity controls are operating as intended. This course provides learners with an understanding of the Authorization and Monitoring steps of the NIST SP 800-37 Rev. 2 Risk Management Framework.
On successful completion of this course, learners should have the knowledge and skills required to:
- Provide organizational accountability by requiring a senior management official to determine if the security and privacy risk to operations, assets and individuals are acceptable
- Report authorization decisions, significant vulnerabilities, and risks to organizational officials
- Monitor the system and associated controls on an ongoing basis
- Document changes to the system and environment of operation
- Conduct risk assessments and impact analysis
- Report the security and privacy posture of the system
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.