• Online, Instructor-Led
Course Description

This course focuses on the integrated enterprise/cloud system. Students develop the capability to 1) evaluate system security, 2) analyze system assessment reports to make recommendations for a Plan of Action and Milestones, 3) comply with all Authorization to Operate package requirements, and 4) strategically develop ISCM (Information Security Continuous Monitoring). Students develop competencies to utilize NIST RMF Steps 0-6 (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). After this course, successful students will be able to receive the CCRMP Certification.

Learning Objectives

• Analyze and develop a plan to assess security controls.
• Analyze and develop a Security Assessment Plan (SAP) for assessing required security controls.
• Complete a Security Controls Assessment (SCA) as part of NIST RMF Step 4.
• Complete a Security Assessment Report (SAR) based on the SCA.
• Identify remediation options as part of the development of a Plan of Action and Milestones (POA&M).
• Develop an Authorization to Operate (ATO) package.
• Review the ATO package to make a determination and authorization of the information system from the point of view of the Authorizing Official (AO) as part of NIST RMF Step 5.
• Determine the impact of system changes and apply the Information Security Continuous Monitoring (ISCM) strategy as part of NIST Step 6.
• Conduct the decommission of a system as part of NIST Step 6.
• Apply secondary research to cybersecurity challenges.
• Collect, interpret and analyze existing research and/or resources, and use them in risk management processes.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas