Implementing & Assessing Security Controls

Course Duration

4 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

A strong understanding of RMF is required. Completion of Building a DoD Security Package (RMF in Practice) is highly recommended.

Course Description

This 4-day Masterclass combines two critical workshops: Security Controls Implementation (Step 3) and Security Controls Assessment (Step 4). Designed to bridge the gap between building security and verifying it, this course provides the deep technical dive required to prove system security in a hostile threat environment. Whether you are an ISSO documenting compliance or an SCA testing it, you will leave fully equipped for both roles. Students may register for the full 4-day series (recommended) or take either 2-day workshop individually.

Course Outline

Part 1: Security Controls Implementation (Days 1-2)

• Project Planning for Controls
• The Concept of Traceability
• Holistic Security Implementation
• Documenting Test Results
• The Role of STIGs
• Critical Controls Review

Part 2: Security Controls Assessment (Days 3-4)

• Role of the SCA
• Assessment Criteria and Requirements
• Managerial Control Reviews
• Technical Control Reviews
• Operational Control Reviews
• Developing the SAR