This course equips the student with an overview of the system Authorization and Assessment (A&A) process and the Risk Management Framework (RMF) for DoD IT and National Security Systems (NSS). This course reviews, at an in-depth level, NIST SP 800-37, NIST SP 800-53, Rev 4, DoDI 8510.01, DoDI 8500.1, CNSS 1253, and other crucial directives that govern this process. In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS, DoD, and Special Access Program (SAP) requirements to provide a clear knowledge bridge to the revised system authorization processes – for those currently working with A&A or for those who have limited A&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms) for NSS and DoD Systems.
Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.
November 8 @ 09:05
09:05 — 17:05 (8h)