NIST Security Controls Workshop
The NIST SP 800-53, Rev3 (Aug 09) and CNSSI 1253, Ver1 (Oct 09) “Security Controls Selection, Implementation, and Assessment” 5 Day Workshop
SecureInfo Corporation is pleased to offer an intense 5-day Workshop for those personnel who must understand, implement, maintain; assess, and transition to the new NIST SP 800-53 Rev3 security controls. It is highly recommended that the student complete the NIST RMF Workshop or have a complete understanding or experience with the new NIST Risk Management Framework (RMF) / Security Authorization Process (SAP). NIST, working with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS), has established a common, FISMA compliant, foundation for information security/assurance across the entire federal government.
The old, system-centric, NIST C&A process (NIST SP 800-37) has been revitalized (integrated into NIST’s RMF) and totally transformed into a “near real time risk management” process, based on continuous Information System monitoring – fully integrating the new SAP.
This workshop builds on and strengthens the students NIST RMF/SAP knowledge base. The blend of lecture and hands-on exercises is continued to provide the student with highly detailed information concerning the NIST SP 800-53, Rev3 (CNSSI 1253 directed) security control selection and specification process and the guidance/activities necessary to translate the security controls identified in the Information System’s Security Plan into an effective implementation.
The student is also provided with highly detailed information concerning the NIST SP 800-53A, Rev1 process of assessing the security controls in federal information systems and organizations (including the development of Security Assessment Plans and full coverage of the new “Program Management (PM)” family of security controls). Laptops are required for this workshop, as each student will be asked to participate in practical hands-on exercises that will greatly add to the students learning experience. See the “Course Topics” below for details.
Duration: 5 days
Cost of Course: $2,300.00 per student (GSA and Volume Rates Available)
Materials Required
The laptop must have a Web browser, Adobe Acrobat Reader, Excel, and Word. Resource Kits are provided via CDs for students attending the course, for in-class work, as well as supplemental materials. NOTE: SecureInfo training locations have appropriately configured computers for each student.
Course Materials Provided
Students will receive a workbook (to include instructional slides) and Resource Kit via CD (includes all supporting materials and exercises).
Instructor Policy
Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival please let us know at the time of registration. Please do not make any return travel arrangements prior to 6pm on the last day of training.
Locations
We offer this course in the SecureInfo training classroom (San Antonio, Texas or McLean, Virginia locations) or via mobile training at your facility for up to 20 students per course. Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.
Who Should Attend?
NIST/CNSS’s new common foundation for information security/assurance provides the Intelligence Community, Defense, and Civil sectors of the federal government and their supporting contractors, more uniform and consistent ways to manage the risk to operations, assets, individuals, other organizations, and the Nation from the operation and use of information systems. State, local,and tribal governments, as well as private sector organizations that compose the critical infrastructure of the United States, are also highly encouraged by NIST to consider the use of the new guidelines.
The NIST Security Controls Workshop is intended to serve a diverse group of information system and information security/assurance professionals, both in and supporting all areas of the federal government/DOD and the Intelligence Community including:
- Individuals with information system development and integration responsibilities.
(e.g., program managers, information technology product developers, information system developers, systems integrators) - Individuals with information system and security management and oversight responsibilities.
(e.g., authorizing officials, chief information officers, senior agency information security officers, information system managers, information security managers) - Individuals with information system and security control assessment and monitoring
responsibilities.
(e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or information system owners) - Individuals with information security implementation and operational responsibilities.
(e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers)
Course Topics
NIST Security Controls Workshop (5 days):
Module 1: Specifying/Selecting and Implementing SCs – Part 1
- Introduction/Review
- The Need for SCs to Protect FIS/NSI/NSSs
- Purpose and Applicability
- Target Audience
- Relationship to Other SC Publications
- Organizational Responsibilities
- The Fundamentals
- SC Organization and Structure
- SC Baselines
- Common SCs
- SCs in External Environments
- SC Assurance
- Revisions and Extensions
- Q&A/EOM 1 Exercise
Module 2: Specifying/Selecting and Implementing SCs – Part 2
- The Process
- Managing Risk
- Security Categorization
- Selecting and Tailoring the Initial Baseline
- Supplementing the Tailored Baseline
- Updating Security Controls
- Implementing the SCs
- Q&A/EOM 2 Exercise
Module 3: Assessing Security Controls – Part 1
- Introduction
- The Need to Assess SC Effectiveness in ISs
- Purpose and Applicability
- Target Audience
- Relationship to Other Publications
- The Fundamentals
- Assessments Within the SDLC
- Strategy for Conducting SC Assessments
- Building an Effective Assurance Case
- Assessment Procedures
- Extended Assessment Procedure
- Q&A/EOM 3 Exercise
Module 4: Assessing Security Controls – Part 2
- Introduction
- The Process
- Preparing for SC Assessments
- Developing Security Assessment Plans
- Conducting SC Assessments
- Analyzing SAR Results
- Q&A/EOM 4 Exercise
Module 5: Security Controls Hands-On Exercises
- Introduction
- NIST SP 800-70
- Exercises, Exercises, Exercises, and more Exercises
- Wrap-Up Register Now
Register Now
Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.
Ask about our mobile training capability--it saves you money!
Schedule:
View Upcoming Courses
Prices:
For Corporate Pricing, Please Call 888.677.9351
GSA Contract:
GS-35F-0509W
- Training
- Courses
- AFCAP/eMASS Workshop 3-Day
- CompTIA A+ Essentials
- CompTIA A+ Practical Applications
- CompTIA Security+ Workshop
- DIACAP Essentials
- DIACAP Workshop
- eMASS
- FedRAMP for Cloud Computing 3-Day
- NIST Continuous Monitoring 1-Day
- NIST Continuous Monitoring 3-Day
- NIST Continuous Monitoring 5-Day
- NIST Organizational Risk Management
- NIST RMF Workshop 3-Day
- NIST RMF Workshop 5-Day
- NIST Security Controls Workshop 3-Day
- NIST Security Controls Workshop 5-Day
- Nuclear Cyber Security Controls Assessment Workshop
- Nuclear Cyber Security Plan Workshop
- RMS Product Training
- Schedule/Registration
- Courses