In this virtual NIST RMF/FedRAMP practicum, focusing on the integrated enterprise/cloud system, students develop the capability to evaluate a test case scenario information system, develop a System Security Plan, and select and/or write appropriate security controls based on NIST RMF (Steps 0-2, Prepare, Select, Implement) and FedRAMP guidelines.
Learning Objectives
Categorize an information system based on NIST RMF guidelines. This includes evaluating information system documentation, analyzing information system documentation to produce a FIPS 199 Worksheet, and finalizing the System Registration Form.
Select security controls based on NIST RMF and FedRAMP guidelines. Analyze and validate the Security Controls Traceability Matrix (SCTM) using appropriate resources.
Write a system security control in alignment with NIST RMF and FedRAMP guidelines. This may include developing a System Security Plan (SSP) control based on an email scenario, analyzing the scenario for implementation parameters, and documenting the implementation of the assigned security control following best practices.
Develop a compliant System Security Plan (SSP) using NIST RMF and FedRAMP. Analyze and document inherited controls to ensure cloud security posture is maintained.
Differentiate and document hybrid and system controls in alignment with NIST RMF and FedRAMP. This may include analyzing a system owner email to update information system documentation and evaluating Common Control Provider (CCP) controls to ensure that they meet the security requirements of the system.
Develop an Information System Continuous Monitoring (ISCM) strategy based on NIST RMF best practices. This may include analyzing the enterprise-level ISCM strategy, and synthesizing and documenting a system-level ISCM strategy that supports the enterprise-level ISCM strategy.
Prepare the system for assessment. Students will evaluate all system documentation, evaluate key system documentation (SSP, SCTM, ISCM), and evaluate documentation of security controls, ensuring appropriate measures meet security requirements. In addition, students will develop a communication notifying key stakeholders of systems pending assessment.
Demonstrate highly developed critical thinking skills and a deepened understanding of risk management issues.
Understand how to research issues of importance to the organization as well as possible recommendations to address risk management processes. Collect, interpret and analyze existing research and/or resources, and use them in risk management processes.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.