New NIST Security Authorization Process – 3 Days

The 3-day New NIST Security Authorization Process course blends lecture and hands-on exercises to introduce the student to the new Security Authorization Process. The course covers the fundamental concepts associated with security authorization, along with the tasks and detailed guidance for the three phases of the NIST Security Authorization Process. For each phase, the material presents the tasks together with the organizational roles that have primary responsibility for carrying them out, the supporting roles, the corresponding phases in the SDLC where the tasks are typically executed, implementation guidance to amplify and add greater clarity to the tasks, and essential publication references (FIPS, Special Publications, and others).

Duration
3 days

Course Topics:
New NIST Security Authorization Process:

  • Fundamental concepts of the new Security Authorization Process
    • Integration of information security into the SDLC
    • The Risk Management Framework
    • Roles and Responsibilities / Key Players
    • Information System and authorization boundaries
    • Security control inheritance/Common Controls
    • The Security Authorization package contents
    • Types of security authorization decisions
    • Continuous monitoring of security controls
    • Achieving near real-time risk management
  • The three phases of the Security Authorization Process
    • Integration into the Risk Management Framework
    • The Preparation Phase
      • Tasks and Detailed Guidance
    • The Execution Phase
      • Tasks and Detailed Guidance
    • The Maintenance Phase
      • Tasks and Detailed Guidance

Cost of Course: Contact SANS for more information.

Laptop Required
Laptops are required for this course, as each student will be asked to create documentation and participate in practical exercises that guide the student's learning from Security Authorization Process essentials, fundamental concepts, and Security Authorization Phases to the details of selecting, specifying, implementing, and assessing the security controls. The laptop must have a Web browser, Adobe Acrobat Reader, Excel, and Word. Resource Kits are provided via Thumb Drives for students attending the course, for in-class work, as well as supplemental materials.

Who Should Attend?
This 3-day course is intended to serve a diverse group of information system and information security professionals in and supporting the federal government, including:

  • Individuals with information system development and integration responsibilities (e.g., program managers, information technology product developers, information system developers, systems integrators)
  • Individuals with information system and security management and oversight responsibilities (e.g., authorizing officials, chief information officers, senior agency information security officers, information system managers, information security managers)
  • Individuals with information system and security control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or information system owners)
  • Individuals with information security implementation and operational responsibilities (e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers).

Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.

Ask about our mobile training capability--it saves you money!