NIST 800-37 Rev 1 Applying Risk Management Framework to Federal IS


Provided by: SecureInfo

Objective:

The 3-day New NIST Essentials course blends lecture with hands-on exercises to introduce the student to the new Security Authorization Process. It covers the fundamental concepts of security authorization and the tasks and detailed guidance for each of the three phases of the process. For each phase, the course walks through the tasks themselves, the organizational roles with primary responsibility for carrying them out and the supporting roles, the SDLC phases in which the tasks are typically executed, implementation guidance that amplifies and clarifies the tasks, and the essential publication references (FIPS, Special Publications, and others).

To continue this rapid convergence, NIST, ODNI, DOD, and CNSS initiated an interagency working group in March 2008 to develop a common security authorization process for federal information systems. The new process shifts the focus away from the stove-piped, organization-centric, static approaches of traditional C&A and provides the capability to manage information system-related security risk more effectively in highly dynamic environments characterized by complex and sophisticated cyber threats, ever-increasing system vulnerabilities, and rapidly changing missions. Designed to be tightly integrated into enterprise architectures and ongoing system development life cycle processes, the process promotes near real-time risk management, capitalizes on current and previous investments in technology (including automated support tools), and takes advantage of over three decades of lessons learned from previous C&A approaches.

We at SecureInfo refer to this as the Federal Information System Security Authorization Process, or simply the Security Authorization Process: a new and more efficient way of performing the NIST 800-37 process. Our 3-day New NIST Essentials course blends lecture with hands-on exercises to introduce the student to it.

Course Topics:

New NIST Security Authorization Process:

  • Fundamental concepts of the new Security Authorization Process
    • Integration of information security into the SDLC
    • The Risk Management Framework
    • Roles and Responsibilities of Security Authorization Process Key Players
    • Information System and authorization boundaries
    • Security control inheritance/Common Controls
    • The Security Authorization package contents
    • Types of security authorization decisions
    • Continuous monitoring of security controls
    • Achieving near real-time risk management
  • The three phases of Security Authorization Process
    • Integration into the Risk Management Framework
    • The Preparation Phase: tasks and detailed guidance
    • The Execution Phase: tasks and detailed guidance
    • The Maintenance Phase: tasks and detailed guidance


Keynote Speaker:

Dr. Ron Ross
Sr. Computer Scientist
Information Security Researcher
NIST