Course curriculum

  • 01

    Overview of the course

  • 03

    Context Documentation

  • 04

    Overview of Security Control Documents

    • Security Policy: intro

    • Security Policy: Example

    • Maine State Government: Security Policy

    • EPA: Security Policy

    • Security Policy: Controls

    • Downloadable Security Policy

    • Organizational Policy Templates (downloadable)

  • 05

    System Security Plan (Overview)

    • Authorization Package (Overview)

    • System Security Plan (Overview)

    • System_Security_Plan_Excel_V_1.2.xlsx

  • 07

    AC Family Security Controls

  • 08

    AU Family Security Controls

    • Audit & Accountability: AU Security Controls OVERVIEW

    • Audit and Accountability: AU-1 Audit Policy Sample

    • Audit & Accountability: AU-1 Policy writing

    • RMFISSO_SC_AU_Controls PART 1

    • Examples of Audit Logs

    • Audit and Accountability Control AU-2 (POAM Part 1)

    • Audit and Accountability Control AU-4 storage capacity (POAM Part 2)

    • Audit and Accountability Control Family AU Audit logs part 1

    • Audit and Accountability Control part 2 AU-2 and AU-6 Actual Security Logs

  • 09

    AT Family Security Controls

    • AT Security Controls Introduction

    • AT-1 Security Awareness Policy (part 1)

    • AT-1 Security Awareness Policy (part 2) writing

    • AT-1 Security Awareness Policy (part 3) Format and Content

    • AT Control Downloadable templates

    • AT-1 Let's Write a Security Awareness Policy (part 1)

    • AT-1 Let's Write a Security Awareness Policy (part 2)

    • AT-1 Let's Write a Security Awareness Policy (part 3)

    • AT-1 Let's Write a Security Awareness Policy (part 4)

    • AT-1 Let's Write a Security Awareness Policy (part 5)

    • AT-2 Security Awareness Training (PART 1)

    • AT-2 Security Awareness Training (PART 2)

    • AT-3 Security Awareness Training ROLE BASED (part 1)

    • AT-3 Security Awareness Training ROLE BASED (part 2)

    • AT Controls POA&M

  • 10

    CM Configuration Management

    • Configuration Management Overview

    • What is Configuration Management?

    • Configuration Management: Big Picture

    • Configuration Management: Configuration Advisory Board (CAB)

    • Configuration Management and System Development Life Cycle (SDLC)

    • Configuration Management Family of Controls

    • CM-1 Configuration Management Policy

    • Configuration Management Plan (downloadable)

    • CM-2 Baseline Configuration (Overview)

    • CM-2 Baseline Configuration: Documentation

    • CM-2(1) Baseline Configuration - REVIEWS AND UPDATES

    • CM-3 Configuration Change Control (Overview)

    • CCB Sample - Large Synoptic Telescope

    • CCB Sample - New Jersey

    • CM-3 Configuration Change Control - Documentation

    • CM-3 Configuration Change Control - ISSO

    • CM-4 Security Impact Analysis Overview

    • CM-4 Security Impact Analysis - Information Security Professional

    • CM-4 Security Impact Analysis - Documentation

    • CM-7 Least Functionality

    • CM-11 User-Installed Software

    • NIST SP 800-128 Configuration Management Information System

  • 11

    Continuous Monitoring

    • Continuous Monitoring (part 1)

    • Continuous Monitoring (Part 2)

  • 12

    Risk Responses

    • NIST RMF Risk Responses Introduction

    • NIST RMF Risk Responses: Risk Avoidance & Mitigation

    • NIST RMF Risk Responses: Risk Transfer

    • NIST RMF Risk Responses: Risk Acknowledge

    • NIST RMF Risk Responses: Risk Acknowledge Forms

    • NIST RMF Risk Responses: Conclusion

  • 13

    Certification Assessment (CA) Security Control Family

    • NIST control CA-1 Certification, Accreditation, And Security Assessment

    • NIST 800 Control CA-02 - Security Assessment

    • NIST 800 Control CA-5 - Plan of Action and Milestone (POA&M)

    • NIST 800 CA-7 - Continuous Monitoring (PART 1)

    • NIST 800 Security Controls CA-7 - Continuous Monitoring (PART 2)

  • 14

    Contingency Plan (CP) Security Controls

    • Contingency Plan (CP) Security Control Introduction

    • NIST 800 Security Control CP-2, Contingency Plan

    • Security Controls CP-3 and 4, Contingency Plan Training

    • Security Controls CP-7, Alternate Sites

    • Security Controls CP-8, Backups

Checklist

Risk Management Framework / Information System Security Officers, Security Controls Documentation (Part 1)

  • Deep dive into essential security documents and why they are needed.

  • Walkthrough of essential information system security documents for the NIST 800-37 RMF process.

  • Includes a deep dive into the AC, AU, and AT security controls and familiarizes you with many other security control families.
