STS Systems Support, LLC (SSS) is pleased to offer an intense 5-day Workshop to those personnel who must understand, implement, maintain, address and transition to the National Institute of Standards and Technology (NIST) SP 800-53 Rev.4 (soon Rev. 5) security controls and understand the associated assessment procedures defined by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and SP 800-53A Assessment Procedures.
STIGs: Critical to Compliance Process
The STIGs contain technical guidance to “lock down” information systems / software that might otherwise be vulnerable to a malicious computer attack. Using the STIGs along with SCAP allows administrators to harden their architecture and meet security control requirements defined in SP 800-53 Rev. 4 (soon Rev. 5), which is required by the RMF process.
Although this hardening process has been around for many years, there are still challenges with understanding how critical the STIGs are in the compliance process, how time-consuming they can be and how they are actually performed.
The communication and transfer of information system compliance evidence between administrators and managers can be strained. The System Administrators have root access to the information systems but have little insight into the RMF process and what is required to keep the system approved, running and documented. The Information System Security Managers are required to report on system security posture IAW RMF process directives but lack root access to gather information system evidence on their own. This dilemma can delay accreditation efforts resulting in additional costs as well as deteriorating continuity with the organization.
Cost of Course: $2,300.00 per student (Government Rates and Volume Rates are available)
Materials Required: Laptops are required as each student will be asked to create documentation and participate in practical exercises that guide the students. The laptop must have Adobe Acrobat Reader (free version), Excel, Word and a browser. The ResourceCD is provided to each student attending this course via download and on CD for in-class work, along with supplemental materials. This information, along with hands-on exercises and practice in class, should increase their understanding of not only security control policies but also the Group Policy Editor and Registry Editor settings required by the DISA STIGs.
NOTE: All SSS training locations have appropriately configured laptops for each student to use during class.
Course Materials Provided: Students will receive a workbook (to include instructional slides) and a ResourceCD (that includes supporting materials and exercises).
Instructor Policy: Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 5pm (local time) on the last day of training.
Locations: We offer this course in San Antonio, TX. Mobile training is also available at your facility for up to 10 students per course. Contact us at Training@sss-anc.com or (888) 939-4313 for details, pricing and availability for mobile training options.
STIG Hardening Workshop (5 days)
WHO SHOULD ATTEND?
This workshop is designed to provide Security Content Automation Protocol (SCAP) / STIG compliance guidance and understanding to the major roles associated with the Risk Management Framework (RMF) process to include:
This workshop blends lecture, discussion and hands-on exercises to educate students on the hardening methodology required when implementing the RMF for their IT systems, as prescribed in the updated DoD and related NIST publications, and focuses on the evidence required to prove that information systems are secure and are ready for an Authority to Operate. The course provides a functional understanding of how to use the STIG Viewer and the SCAP tool, import SCAP results into the viewer, and map the STIG results to the proper assessment procedures using the Control Correlation Identifiers (CCIs). Communication methods, influence strategies, and understanding the level of effort required by the entire RMF team are critical to success in the RMF process.
Students will learn the process and best practices as they relate to STIG compliance. With a sufficient understanding of the methodologies and techniques used, students will begin with a minimally compliant laptop, identify false positives and vulnerabilities, and then actually harden their laptops during class using SCAP and the STIGs. The students will repeat the steps of scanning with SCAP, importing into STIG Viewer, hardening, and scanning again until their laptop is compliant and vulnerabilities have been mitigated to an acceptable level.
Questions about our corporate training may be directed to
Ask about our mobile training capability—
it saves you money!