Continuous Monitoring Training


3 days


Employees of federal, state and local governments; and businesses working with the government.

Course Description:

Information Security Continuous Monitoring (three days) covers roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication (SP) 800-137. Practical guidance on ISCM automation and support tools is provided. Student exercises, collaboration and case studies are used to reinforce the concepts taught in the class. The course content of Information Security Continuous Monitoring is geared to meet the needs of a diverse audience covering the spectrum of management, operational and technical roles. Students will gain thorough knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation.

  • Organization-wide view of ISCM
  • Ongoing System Authorizations
  • Role of Automation
  • ISCM Roles and Responsibilities
  • ISCM Process – NIST SP 800-137
    • Step 1 – Define Strategy
    • Step 2 – Establish ISCM program
    • Step 3 – Implement
    • Step 4 – Analyze and Report
    • Step 5 – Respond to Findings
    • Step 6 – Review and Update
  • Supporting Technologies
    • Security Automation Domains
    • Security Information and Event Management (SIEM)
    • Security Content Automation Protocol (SCAP)
    • Reference Data Sources
      • National Vulnerability Database
      • Security Configuration Checklists
  • ISCM Reference Model
  • Exercises and Case Studies

What if I Have Questions After Training?

Train Plus is our RMF training partner’s post class Q&A session designed for students that have attended a class. Whether your training experience has been online, onsite or at an IT Dojo facility, our partners deliver this follow up session to answer questions that may arise post class.

It’s easy. Just dial in for a scheduled webinar and spend time with our RMF Subject Matter Expert to hear your questions answered along with other students’ questions. After all, education doesn’t stop just because the class is over.

Who Should Attend?

The Continuous Monitoring training program is appropriate for government employees and contractors in DoD, federal “civil” agencies and the intelligence community, particularly those responsible for managing and monitoring security posture on an ongoing basis.

About the Instructors

The instructors tasked to complete this training have previously developed training programs for DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Federal Information Security Management Act (FISMA). These have now been completely revamped to reflect the unification of information security and risk management  practices in accordance with the Risk Management Framework (RMF).  To date, thousands of military personnel, civilian government employees and contractor personnel have completed one or more these training programs.

If you are looking for other dates or would like to bring an instructor into your facility or city, please contact us!