• Classroom
Course Description

STS Systems Support, LLC (SSS) is offering a 5-day course on Information Security Continuous Monitoring for Federal Information Systems and Organizations. The course explores new/updated guidance, policy and procedures for implementing a well-developed and thorough approach for building a continuous monitoring program IAW SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 1), 800-53 (Rev. 4 [soon Rev. 5]) and 800-53A.

This in-depth course builds on the principles of the NIST Risk Management Framework (Step 6) and supporting NIST guidance (Risk Management, Performance Measurements, Security Control Catalogue, Security Control Assessment Procedures, Configuration Management, System Development Life Cycle, etc.). It familiarizes students with the new continuous monitoring guidance relating to understanding the process, identifying procedures, developing an organizational strategy and ultimately, incorporating a continuous monitoring program into the organizational mission/business functions.

Learning Objectives

Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)
• Course Overview/Objectives
• Key Terms
• Continuous Monitoring Background
• Purpose and Applicability
• Overview of Continuous Monitoring Process

Module 2: Continuous Monitoring Relationship to Other NIST Guidance
• NIST SP 800-39—Risk Management Process
• NIST SP 800-55—Defining Organizational Metrics and Measurements
• NIST SP 800-128—Security Configuration Management for Information Systems
• NIST SP 800-37, Rev. 1—NIST Risk Management Framework
• NIST SP 800-53, Rev. 4 (soon Rev. 5)—Security Control Catalog
• NIST SP 800-53A—Security Control Assessment Guide

Module 3: The Fundamentals—Ongoing Monitoring in Support of Risk Management
• Organization-wide View of Continuous Monitoring
• Ongoing System Authorizations
• Role of Automation in Continuous Monitoring
• Continuous Monitoring Roles and Responsibilities

Module 4: The Process—Building a Continuous Monitoring Program
• Define Continuous Monitoring Strategy
• Establish Measures and Metrics
• Establish Monitoring and Assessment Frequencies

Module 5: Social Motivation, Influence Strategies, Penetration Testing Methodology
• Implement a Continuous Monitoring Program
• Analyze Data and Report Findings
• Respond to Findings
• Review and Update the Monitoring Program and Strategy
• Course Summary / Q&A Session

Framework Connections