Home - Training

Nuclear Cyber Security Controls Assessment Workshop

5-Day Workshop

SecureInfo Corporation is pleased to offer the Cybersecurity Controls Assessment 5 Day Workshop. This intense workshop introduces attendees to the NIST guidance that NRC used to develop the RG 5.71 Cybersecurity Controls and subsequently was incorporated into NEI 08-09, Rev 6. The roles and responsibilities of your Cybersecurity Assessment Team (CSAT) members are covered in detail. Workshop attendees are then taught the NIST assessment philosophy, including activities/tasks required for pre-assessment, assessment, and post-assessment of the cybersecurity controls.

Cybersecurity Control Assessment Workshop attendees are introduced to the level of effort that is required for licensees to provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design-basis threat (DBT). Attendees are taught the importance of a Security Assessment Plan (SAP); and then shown, step-by-step, how to develop a Security Assessment Plan (SAP) that is applicable to your CDAs. Attendees will be given the tools, knowledge, and experience necessary, through intense hands-on exercises, to build an effective assurance case for each of the cybersecurity controls in the operational, management, and technical families.

Duration: 5 days

Cost of Course

Contact SecureInfo Corporation to discuss costs.

Materials Required

Laptops are required as each student will be asked to create documentation and participate in practical hands-on exercises that guide the students learning experience. The laptop must have Adobe Acrobat Reader, Microsoft Excel and Word. NOTE: A hard copy of your current CSP is required.

Course Materials Provided

Students will receive a workbook and Resource Kit via CD (includes all supporting materials and exercises).

Instructor Policy

Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival please let us know at the time of registration. Please do not make any travel arrangements prior to 6pm on the last day of training.

Locations

We offer this course via mobile training at your facility for up to 20 students per course.

Who Should Attend?

CSAT members and those organizational members who will be assisting the CSAT with Cybersecurity Control assessment procedures development activities/tasks, actual assessment related activities/tasks, and post-assessment activities/tasks.

Course Topics:

Day 1:

  • Morning (Kickoff)
    • Workshop Exec Intro/Q&A
    • RMF: 6 Steps – An Overview
    • (CSAT) Roles and Responsibilities
    • Q&A
  • Afternoon (RMF Process)
    • Tasks 1 – 10 of the RMF Process
    • Tasks 11 – 21 of the RMF Process
    • Tasks 22 – 32 of the RMF Process
    • Q&A

Day 2:

  • Morning (SP 800-53A Intro)
    • SC Assessment - Intro/Fundamentals
    • 3 Phases of Assessment
    • Level of Effort Requirements
    • Q&A
  • Afternoon (Security Assessment Plan)
    • Security Plan to SAP
    • SAP Contents
    • SAP to SA Report
    • Q&A

Day 3:

  • Morning (53A to NEI 08-09)
    • 53A Assessment Procedures Intro
    • Specific Assessment Details App G/App I (ICSs)
    • 53 Rev3 Match to NEI 08-09 Controls
    • Q&A
  • Afternoon (Assessing the Op & Man Controls)
    • Media Protection/ Personnel Security
    • System and Information Integrity/ Maintenance
    • Physical and Operational Environment Protection/ Defense-In-Depth
    • Q&A

Day 4:

  • Morning (Op & Man Controls – Hands-On)
    • Attack Mitigation and Incident Response/ Cybersecurity Contingency Plan
    • Training/Configuration Management
    • System Services Acquisition/Evaluate and Manage Cyber Risk
    • Q&A
  • Afternoon (Assessing the Tech Controls)
    • Access Controls
    • Audit and Accountability
    • Q&A

Day 5:

  • Morning (Tech Controls – Hands-On)
    • CDA, System and Communications Protection
    • Identification and Authentication
    • Q&A
  • Afternoon Afternoon (Tech Controls – Hands-On)
    • System Hardening
    • Q&A

Register Now

Contact us at training@secureinfo.com or (210) 403-5600 (ask for training) for more information and pricing on mobile training options.