NIST 800 Series Training -- Implementing NIST Special Publication 800-37, Rev. 1
Understanding the National Institute of Standards and Technology (NIST) Guide for Applying the Risk Management Framework to Federal Information Systems, A Security Life Cycle Approach
NIST 800-37, Rev. 1 attempts to streamline and demystify the security assessment process. Your organization can realize these efficiencies. Telos can help you learn how with Xacta IT security training.
NIST CERTIFICATION AND ACCREDITATION TRAINING
Our three-day training course will provide you and your team with the skills needed to recognize and construct an assessment program for new or legacy Automated Information Systems (AIS) in accordance with NIST Special Publication 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems, A Security Life Cycle Approach.
In conjunction with NIST 800-37, Rev. 1, this course includes the most current emerging family of security-related publications (800-53, 800-53A, 800-60, FIPS 199 and FIPS 200), which is intended to provide a structured, yet flexible framework for identifying, employing, and evaluating the security controls in federal information systems, and thus satisfy the requirements of the FISMA legislation.
Who Should Attend?
The NIST RMF Process applies to all US Government departments, agencies, and their contractors. And, as with all NIST standards, it is a public standard suitable for adoption by state and local governments, non-profit institutions, and commercial companies.
Key Personnel: Information System Security Officers, System Security Managers, Information Technology Managers, Data Security Specialists, System Administrators, Program Managers, Certification Authorities, Security Control Assessors and Authorizing Officials.
All information security professionals who:
- Are responsible for performing or maintaining their organization's system/network security assessment process
- Have less than one year of active participation in a dedicated security assessment effort
- Are interested in learning how to build the team necessary to conduct a successful, efficient security assessment program
Course Topics and Interactive Learning
Course content includes instruction and practical hands-on exercise labs covering:
- Assessment Fundamentals
- Boundaries
- Threats
- Vulnerabilities and Security Controls
- Risk Management
- NIST RMF Process Overview
- Step 1. CATEGORIZE
- Step 2. SELECT
- Step 3. IMPLEMENT
- Step 4. ASSESS
- Step 5. AUTHORIZE
- Step 6. MONITOR
- Review Security Assessment Package
What Will You Learn?
Upon successful completion of the NIST Certification & Accreditation training course, each participant will be able to:
- Understand the RMF guidelines presented in NIST 800-37, Rev. 1
- Describe the process of identifying/defining an accreditation boundary
- Understand threat and vulnerability relationships and how they correlate to risk
- Identify and implement applicable NIST publications to complete a certification and accreditation effort, including:
  - NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems
  - NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems
  - NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems
  - NIST Special Publication 800-53, Guide for the Selection and Specification of Security Controls for Federal Information Systems
  - NIST Special Publication 800-53A, Techniques and Procedures for Verifying the Effectiveness of Security Controls in Federal Information Systems
  - NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Objectives and Risk Levels
  - FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems
  - FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems
- Identify and implement key NIST Risk Management process steps such as:
  - Categorizing information types and assigning impact levels as required by FIPS 199
  - Selecting baseline controls for an information system from SP 800-53 as required by FIPS 200
  - Validating selected controls through the use of SP 800-53
- Walk through the SP 800-37 process step-by-step and understand what roles are involved and what documentation is generated
- Describe the contents of a Security Assessment Documentation Package, with emphasis on the following documentation:
  - System Security Plan (SSP)
  - Security Assessment Report (SAR)
  - Plan of Action & Milestones (POA&M)
Check the training schedule here.