Risk Management Framework for Federal Security Controls Assessors Training (SCA)
|Commitment||4 days, 7-8 hours a day.|
|How To Pass||Pass all graded assignments to complete the course.|
|User Ratings||Average User Rating 4.8|
|Delivery Options||Instructor-Led Onsite, Online, and Classroom Live|
Risk Management Framework for Federal Security Controls Assessors Training (SCA) Course – Hands-on
This 4-day Risk Management Framework for Federal Security Controls Assessors Training (SCA) course provides an in-depth look at testing the controls using NIST SP 800-53A Rev. 4 and ensuring the use of the Risk Management Framework (RMF) for Federal Security Systems.
The focus of the course is an in-depth explanation of each NIST SP 800-53 Revision 4 control, including what method should be used to test and validate each security control in accordance with NIST SP 800-53A, Rev. 4 and NIST SP 800-115, what evidence should be gathered, and how to test Federal systems and infrastructure more efficiently and effectively. The curriculum will introduce the independent tester or validator to the test process for any of the Federal IA controls, using manual and automated tests to ensure all controls are tested properly.
The course will also cover NIST SP 800-53A, Rev. 4, NIST SP 800-115, NIST SP 800-37, NIST SP 800-39, and the development of the Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M). The student will gain hands-on experience through scenario-based exercises in executing the validation tests with the approved tools. These exercises will include the development of the Security Assessment Report (SAR).
- Introduction to Risk Management Framework Training (RMF)
- Risk Management Framework Implementation Training
- Risk Management Framework for Federal Systems Training
- Risk Management Framework for DoD & Intelligence Communities Training
- Risk Management Framework for DoD Security Controls Assessors Training (SCA)
- We can adapt this training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the training around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the training course in a manner understandable to lay audiences.
Risk Management Framework for Federal Security Controls Assessors Training (SCA) Course – Audience/Target Group
The target audience for this training course:
Risk Management Framework for Federal Security Controls Assessors Training (SCA) Course – Class Prerequisites
The knowledge and skills that a learner must have before attending this training course are:
- This class is intended for individuals with in-depth knowledge of information systems and the FISMA/CNSS authorization process. It is recommended to take the 3- or 4-day FISMA/NIST/CNSS class as a prerequisite or to have at least 3 years of experience in NIST/DoD A&A.
Risk Management Framework for Federal Security Controls Assessors Training (SCA) Course – Objectives:
Upon completing this training course, learners will be able to meet these objectives:
- The curriculum will prepare the security controls assessor to understand the process for testing the NIST security controls using manual and automated tests to ensure all controls are tested properly.
Risk Management Framework for Federal Security Controls Assessors Training (SCA) – Course Content
Module 1: Critical Definitions
- Know critical definitions
- Identify impact of change on information systems security and the authorization process
Module 2: The Policies
- Identify tasks in the RMF
- Identify relevant NIST Special Publications and other policy documents
Module 3: Introducing Risk
- Identify the elements of the Risk Management Framework (RMF)
- Know the role of the Risk Executive Function
- Define Risk Tolerance
Module 4: Roles and Responsibilities
- Identify participants in the RMF
- Define the roles and responsibilities associated with the RMF
Module 5: Summary of RMF Tasks
- Know the six steps of the RMF process
- Identify tasks for each of the steps
Module 6: Assessment Procedures and Methods
- Identify the assessment procedures
- Know assessment methods
Module 7: Planning and Executing the Assessment
- Know the assessment planning steps
- Define the assessment plan
- Define the assessment approach
- Know the process for executing an assessment
- Identify testing viewpoints
Module 8: Assessment Procedures
- Know the assessment procedures for each NIST security control
- Identify relevant artifacts
Module 9: Understanding Risk
- Review a Security Assessment Report (SAR) for the training system and implement a risk strategy
- Determine risk acceptance and justify final decision