NIST Security Controls Workshop

STS Systems Support, LLC (SSS) is pleased to offer an intense 5-day workshop for those personnel who must understand, implement, maintain, address and transition to the new NIST SP 800-53 Rev.4 (soon Rev. 5) security controls. It is highly recommended that the student completes the RMF Workshop or have a complete understanding or experience with the new NIST Risk Management Framework (RMF) / Security Authorization Process (SAP). NIST, working with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS), has established a common, FISMA compliant, foundation for information security/assurance across the entire federal government.

The old, system-centric, NIST C&A process (NIST SP 800-37) has been revitalized (integrated into NIST’s RMF) and totally transformed into a “near real time risk management” process, based on continuous Information System monitoring – fully integrating the new SAP.

This workshop builds on and strengthens the students NIST RMF/SAP knowledge base. The blend of lecture and hands-on exercises is continued to provide the student with highly detailed information concerning the NIST SP 800-53, Rev.4 (soon Rev. 5) CNSSI 1253 security control selection and specification process and the guidance/activities necessary to translate the security controls identified in the Information System’s Security Plan into an effective implementation.

The student is also provided with highly detailed information concerning the NIST SP 800-53A, Rev.1 process of assessing the security controls in federal information systems and organizations (including the development of Security Assessment Plans and full coverage of the new “Program Management (PM)” family of security controls). Laptops are required for this workshop, as each student will be asked to participate in practical hands-on exercises that will greatly add to the students learning experience. See the “Course Topics” below for details.

Duration: 5-days

Cost of Course: $2,300.00 per student (Government Rates and Volume Rates are available)

Materials Required: Laptops are required as each student will be asked to create documentation and participate in practical exercises that guide the students. The laptop must have Adobe Acrobat Reader (free version), Excel, Word and a browser. ResourceCD are provided to each student via download and CDs for those attending this course, for in-class work, as well as supplemental materials.

NOTE: All SSS training locations have appropriately configured laptops for each student to use during class.

Course Materials Provided: Students will receive a workbook (to include instructional slides) and a ResourceCD (that includes supporting materials and exercises).

Instructor Policy: Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 5pm (local time) on the last day of training.

Locations: We offer this course in San Antonio, TX. Mobile training is also available at your facility for up to 15 students per course. Contact us at Training@sss-anc.com or (888) 939-4313 for details, pricing and availability for mobile training options.

Course Topics

NIST Security Controls Workshop (5 days)

Module 1: Introduction/Review
- Workshop Introduction / Key Concepts
- The Need to Protect Information and Information Systems
- Purpose and Applicability
- Target Audience
- Relationship To Other Security Control Publications
- Organizational Responsibilities
- Q&A/End of Module 1 Exercise(s)
Module 2: Security Control Fundamentals
- Introduction
- Multitier Risk Management
- Security Control Structure
- Security Control Baselines
- Security Control Designations
- External Service Providers
- Assurance and Trustworthiness
- Revisions and Extensions
- Q&A/End of Module 2 Exercise(s)
Module 3: The Process / Part 1: Selecting / Tailoring Security Controls
- Selecting Security Control
  - Security Categorization
  - Baseline Selection
- Tailoring Baseline Security Controls
  - Identifying and Designating Common Controls
  - Applying Scoping considerations
  - Selecting Compensating Security Controls
  - Assigning Security Control Parameter Values
  - Supplementing Security Control Baselines
  - Providing Additional Specification Information for Control Implementation
- Q&A/End of Module 3 Exercise(s)
Module 4: The Process / Part 2: Overlays / Documenting / Systems
- Creating Overlays
- Documenting the Control Selection Process
- New Development and Legacy Systems
- Q&A/End of Module 4 Exercise(s)
Module 5: Implementing the Security Controls
(Students will use Modified SP 800-53 Workbook)
- Implementation Tips
- The PM Controls
- The Dash-1 Controls
- The A&A Controls
- The Privacy Controls
- International INFOSEC Standards
- ICS Security Controls - SP 800--82
- The AT Controls
- The CA Controls
- The AC Controls
- NIST SP 800-70
RMF Bonus Module:
- RDIT Purpose & Applicability
- RMF Transition
- DoD RMF Policy
- RMF Responsibilities
- RMF Governance—Overview
- RMF Knowledge Service
- Security Authorization Documentation
- The RMF Steps / Tasks
- Categorize System
- Select Security Controls
- Assess Security Controls
- Authorization Information System
- Monitor Security Controls

NIST/CNSS’s new common foundation for information security/assurance provides the Intelligence Community, Defense, and Civil sectors of the federal government and their supporting contractors, more uniform and consistent ways to manage the risk to operations, assets, individuals, other organizations, and the Nation from the operation and use of information systems. State, local, and tribal governments, as well as private sector organizations that compose the critical infrastructure of the United States, are also highly encouraged by NIST to consider the use of the new and updated guidelines.

Individuals with information system development and integration responsibilities. (e.g., Program Managers, Information Technology Product Developers, Information System Developers, Systems Integrators)
Individuals with information system and security management and oversight responsibilities. (e.g., Authorizing Officials, Chief Information Officers, Senior Agency Information Security Officers, Information System Managers, Information Security Managers)
Individuals with information system and security control assessment and monitoring responsibilities. (e.g., System Evaluators, Assessors / Assessment Teams, Independent Verification and Validation Assessors, Auditors, Inspectors General, or Information System Owners)
Individuals with information security implementation and operational responsibilities. (e.g., Information System Owners, Common Control Providers, Information Owners / Stewards, Mission/Business Owners, Information System Security Engineers / Officers)

Questions about our corporate training may be directed to

Training@sss-anc.com

(888) 939-4313

Ask about our mobile training capability—

it saves you money!

STS Systems Support 1826 North Loop 1604 W Suite 336A San Antonio, TX 78248

STS Systems Support is a Bristol Bay Native Corporation Company

Phone: (210) 892-3511 Fax: (210) 892-3522 www.sss-anc.com

TIMESHEET

CERIDIAN/DAYFORCE

DUNS: 08-0448-7230 CAGE: 7S2T6 Tax ID: 81-4325845