This 5-day course concentrates on methods used to validate DoD IA Controls as contained in NIST 800-53, Rev. 4 and CNSSI 1253. Discussion areas include an overview of the RMF for DoD IT, the DoD-defined information system types and the associated security concerns, vulnerability scanning, DoD-approved automated scanning tools, and many more. The course provides an in-depth explanation of each control identified in NIST 800-53, Rev. 4 and CNSSI 1253, including the appropriate testing method, the associated supporting evidence (known as artifacts), and how to test and validate DoD systems and infrastructure more efficiently and effectively. The curriculum will prepare the ACA to test against the DoD IA controls using manual and automated procedures in accordance with the standards set forth by the Department.
Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the transition from DIACAP to RMF for DoD IT. Our training is based upon the participation of our subject matter experts in transition working groups and on direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for its transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position itself early to make the transition as seamless and efficient as possible.
The class will include the following:
- Introduction to the Risk Management Framework and supporting laws, standards, and regulations
- The New Lexicon
- New Requirements under FISMA 2012
- RMF Roles and Responsibilities
- Steps in the RMF Process
- NIST 800-53 Rev 4 and CNSSI 1253 Security controls requirements and validation process
- Preparing and submitting the authorization package
- Understanding and executing continuous monitoring
Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.
Every student participating in Lunarline’s courses will receive a National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011 and CNSSI 4012 Certificate for successful participation in the course, which will allow you to add the (CNSS) NSTISSI 4011 and CNSSI 4012 designation to your resume. Students also earn CPEs toward their existing certifications with CompTIA (for the CASP certificate only), ISC2 and ISACA.