This course focuses on the integrated enterprise/cloud system where students develop the capability to 1) evaluate system security, 2) analyze system assessment reports to make recommendations for a Plan of Action and milestones, 3) comply with all Authorization to Operate package requirements, and 4) strategically develop ISCM (Information Security Continuous Monitoring). Students develop competencies to utilize NIST RMF Steps 0-6 (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). After this course, successful students will be able to receive the CCRMP Certification.
Learning Objectives
Analyze and develop a plan to assess security controls. Analyze and develop a Security Assessment Plan (SAP) for assessing required security controls. Complete a Security Controls Assessment (SCA) as part of NIST RMF Step 4. Complete a Security Assessment report (SAR) based on the SCA. Identify remediation options as part of the development of a Plan of Action and Milestones (POA&M). Develop Authorization to Operate (ATO) package. Review the ATO package to make determination and authorization of the information system from the point-of-view of the Authorizing Official (AO) as part of NIST RMF Step 5. Determine the impact of system changes and apply the Information Security Continuous Monitoring (ISCM) strategy as part of NIST Step 6. Conduct the decommission of a system as part of NIST Step 6. Apply secondary research to cybersecurity challenges. Collect, interpret and analyze existing research and/or resources, and use in risk management processes.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.