Xacta IA Manager User Training

The Xacta IA Manager User Training Course is a three-day program providing an overview of Xacta IA Manager: Assessment Engine from the user perspective. Lessons include lecture and extensive hands-on labs.

Recommended prerequisite: Training in DIACAP or NIST processes.

Who Should Attend?

  • Professionals responsible for performing or maintaining their organization's system/network certification and accreditation (C&A) or other security assessment processes.
  • Professionals at either end of the experience spectrum - from those people who are new to this type of activity to the seasoned professionals who, until now, have performed all C&A and information security assessment functions manually.
  • Professionals interested in conducting an effective C&A or security assessment program, and who would welcome a tool for automating and enabling continuous compliance and assessment, saving them time and money.

What Will You Learn?

Upon successful completion of this course, each attendee will:

  • Better understand how his or her role functions within the overall C&A or security assessment process.
  • Develop an in-depth understanding of how to operate a C&A or security assessment effort using the Assessment Engine.
  • Have an appreciation for the benefits of automating your compliance efforts and how government/industry information security processes are beneficial to an organization in the short- and long-term.

Course Topics

  • Understanding Project Templates 
  • Getting Started in Assessment Engine  
  • System Definition and Categorization
  • Control Selection and Implementation 
  • Control Assessment 
  • Risk Analysis and Reporting
  • Content Management 
  • Project Management and Customization 
  • Updating Projects 
  • Extensible Publishing 
  • Setting Up Project Workflow and the Approval Process  
  • Interactive workshops and hands-on labs will:

    • Include an overview of how the Xacta IA Manager: Assessment Engine automates the Certification & Accreditation / Security Authorization processes for two mainstream methodologies:
      1. DIACAP
      2. NIST 
    • Familiarize users with the application features of Xacta IA Manager: Assessment Engine and how to navigate within the application
    • Help users understand the System Definition & Categorization process using project templates:
      1. Define key components of the system such as boundary, data flows, interfaces, system component groups, environment, etc.
      2. Classify the security categorization for the system depending on methodology (i.e. DoD MAC and Confidentiality Levels, NIST FIPS 199 Characterizations)
      3. Identify all project personnel 
      4. Enter assessment planning milestone 
    • Show users how to select, streamline, and implement the applicable controls for your system:
      1. Select regulations and controls for use depending on process template (DIACAP or NIST) 
      2. Designate applicable controls as Implemented, Planned or Inherited 
      3. Produce draft regulation documentation (Security Requirements Traceability Matrix [SRTM], References Appendices, DIACAP SIP and Implementation Plan, etc.) 
      4. Import or manually enter component data (equipment)
      5. Establish operating system and software associations 
      6. Complete the draft version of the system security document (i.e., SSAA, SSP or ISSA)
    • Demonstrate the control assessment process within the Xacta IA Manager:
      1. Develop and describe detailed test plans and procedures 
      2. Record both technical and non-technical test results 
      3. Produce the test and evaluation plans, procedures and reports
      4. Identify system vulnerabilities to validate compliance with requirements
    • Show how to analyze risk and generate final C&A documentation within Xacta IA Manager:
      1. Analyze the threats, vulnerabilities, and resultant risks associated with the system based on testing and analysis conducted
      2. Determine the final risk level for the system as a whole and create the necessary risk documentation
      3. Create a Plan of Action & Milestones (POA&M)
      4. Review main Security Document and associated appendices and then publish final C&A documentation package 
    • Teach users to determine how to record & document the accreditation decision and maintain the approved security level of the system:
      1. Enter the accreditation decision 
      2. Execute a project snapshot 
      3. Handle various system maintenance scenarios such as:
        • Updating the POA&M 
        • Conducting annual reviews required by FISMA 
        • Managing control inheritance status changes 
    • Show how to customize and manage the content within each of your projects:
      1. Add or edit regulations and their requirements
      2. Add or edit test procedures to validate requirements
      3. Add or edit equipment, operating system and software categories
      4. Administer additional content such as security and threat categories, criteria questions and various option lists available in the application
      5. Understand how content management affects an existing project
    • Teach users to manage and customize a project:
      1. Manage tasks, roles, process steps to customize your project
      2. Assign users to projects
      3. Restore snapshots
      4. Utilize the project backup/restore feature
    • Illustrate how to update a project:
      1. Update to a new template format
      2. Add a regulation from a content-only template
      3. Run project compare reports
    • Familiarize users with the Extensible Publishing (EP) process:
      1. Manage EP process steps
      2. Create and customize EP templates, reference sheets, etc.
      3. Upload and manage EP templates
    • Demonstrate project workflow and the approval process:
      1. Understand how the Workflow/Approval process works
      2. Set up the workflow/approval process

