This course concentrates on how to validate NIST SP 800-53 Rev 4 Security Controls and meet the requirements for the Assessment and Authorization of the IT system. It includes a short overview of the Risk Management Framework (RMF) from NIST SP 800-37. This course was developed to help the people who have the assigned roles and responsibilities of a Validator or an Assessor. This course does provide the students who are not Validators the insight to how the security controls will be assessed. The course provides an in-depth explanation of each control identified in NIST SP 800-53 Rev 4 to include what method should be used to test, what evidence should be gathered, and how to more efficiently and effectively test DoD and NSS systems and infrastructure. The curriculum will prepare the security controls assessor to understand the process for testing the NIST security controls using manual and automated tests to ensure all controls are tested properly. This RMF for DoD IT SCA 4 Day course also includes the requirements of 8510.01, 8500.01 and the CNSS policies.
This course is geared for students who already have an understanding of the RMF for DOD IT process. Lunarline recommends the 3-day In-Depth or 4-day Intensity course be taken as a pre-requisite to this course as this course focuses on the security controls and how they are to be assessed. This course does not focus on the RMF process at an in-depth level.