• Online, Self-Paced
Course Description

Authorizing and monitoring security controls provides an understanding of security posture and provides an indication as to whether or not cybersecurity controls are operating as intended. This course provides learners with an understanding of the Authorization and Monitoring steps of the NIST SP 800-37 Rev. 2 Risk Management Framework.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills required to:

  • Provide organizational accountability by requiring a senior management official to determine if the security and privacy risk to operations, assets and individuals are acceptable
  • Report authorization decisions, significant vulnerabilities, and risks to organizational officials
  • Monitor the system and associated controls on an ongoing basis
  • Document changes to the system and environment of operation
  • Conduct risk assessments and impact analysis
  • Report the security and privacy posture of the system

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.