In this course:

  • ISSO Subject Matter Expert

    +10 hours of video: Get a breakdown of the NIST ISSO process from a subject matter expert.

  • Template Walkthrough

    Get complete walkthroughs of the Plan of Action and Milestones (POA&M), the System Security Plan (SSP), and other NIST SP 800-series RMF documents.

  • Tools & Resources

    Get downloadable POA&Ms, SSPs, sample NIST 800 documents and other artifacts, plus a collection of references and resources.

Course curriculum

  • 3

    Context Documentation

  • 4

    Overview of Security Control Documents

    • Security Policy: intro

    • Security Policy: Example

    • Maine State Government: Security Policy

    • EPA: Security Policy

    • Security Policy: Controls

    • Downloadable Security Policy

    • Organizational Policy Templates (downloadable)

  • 5

    System Security Plan (Overview)

    • Authorization Package (Overview)

    • System Security Plan (Overview)

    • System_Security_Plan_Excel_V_1.2.xlsx

  • 7

    AC Family Security Controls

  • 8

    AU Family Security Controls

    • Audit & Accountability: AU Security Controls Overview

    • Audit and Accountability: AU-1 Audit Policy Sample

    • Audit & Accountability: AU-1 Policy writing

    • RMFISSO_SC_AU_Controls PART 1

    • Examples of Audit Logs

    • Audit and Accountability Control AU-2 (POA&M part 1)

    • Audit and Accountability Control AU-4 Audit Storage Capacity (POA&M part 2)

    • Audit and Accountability Control Family AU: Audit Logs (part 1)

    • Audit and Accountability Control Family AU: Audit Logs (part 2), AU-2 and AU-6 with actual security logs

  • 9

    AT Family Security Controls

    • AT Security Controls Introduction

    • AT-1 Security Awareness Policy (part 1)

    • AT-1 Security Awareness Policy (part 2) writing

    • AT-1 Security Awareness Policy (part 3) Format and Content

    • AT Control Downloadable templates

    • AT-1: Let's Write a Security Awareness Policy (part 1)

    • AT-1: Let's Write a Security Awareness Policy (part 2)

    • AT-1: Let's Write a Security Awareness Policy (part 3)

    • AT-1: Let's Write a Security Awareness Policy (part 4)

    • AT-1: Let's Write a Security Awareness Policy (part 5)

    • AT-2 Security Awareness Training (part 1)

    • AT-2 Security Awareness Training (part 2)

    • AT-3 Role-Based Security Training (part 1)

    • AT-3 Role-Based Security Training (part 2)

    • AT Controls POA&M

  • 10

    CM Configuration Management

    • Configuration Management Overview

    • What is Configuration Management?

    • Configuration Management: Big Picture

    • Configuration Management: Configuration Advisory Board (CAB)

    • Configuration Management and System Development Life Cycle (SDLC)

    • Configuration Management Family of Controls

    • CM-1 Configuration Management Policy

    • Configuration Management Plan (downloadable)

    • CM-2 Baseline Configuration (Overview)

    • CM-2 Baseline Configuration: Documentation

    • CM-2(1) Baseline Configuration - REVIEWS AND UPDATES

    • CM-3 Configuration Change Control (Overview)

    • CCB Sample - Large Synoptic Survey Telescope (LSST)

    • CCB Sample - New Jersey

    • CM-3 Configuration Change Control - Documentation

    • CM-3 Configuration Change Control - ISSO

    • CM-4 Security Impact Analysis (Overview)

    • CM-4 Security Impact Analysis - Information Security Professional

    • CM-4 Security Impact Analysis - Documentation

    • CM-7 Least Functionality

    • CM-11 User-Installed Software

    • NIST SP 800-128: Security-Focused Configuration Management of Information Systems

  • 11

    Continuous Monitoring

    • Continuous Monitoring (part 1)

    • Continuous Monitoring (Part 2)

  • 12

    Risk Responses

    • NIST RMF Risk Responses Introduction

    • NIST RMF Risk Responses: Risk Avoidance & Mitigation

    • NIST RMF Risk Responses: Risk Transfer

    • NIST RMF Risk Responses: Risk Acceptance

    • NIST RMF Risk Responses: Risk Acceptance Forms

    • NIST RMF Risk Responses: Conclusion

  • 13

    Security Assessment and Authorization (CA) Security Control Family

    • NIST control CA-1 Certification, Accreditation, and Security Assessment Policy

    • NIST 800 Control CA-2 - Security Assessment

    • NIST 800 Control CA-5 - Plan of Action and Milestones (POA&M)

    • NIST 800 Control CA-7 - Continuous Monitoring (part 1)

    • NIST 800 Control CA-7 - Continuous Monitoring (part 2)

  • 14

    Contingency Plan (CP) Security Controls

    • Contingency Plan (CP) Security Control Introduction

    • NIST 800 Security Control CP-2, Contingency Plan

    • Security Controls CP-3 and CP-4, Contingency Training and Contingency Plan Testing

    • Security Controls CP-7, Alternate Processing Site

    • Security Controls CP-9, System Backup

    • Contingency Plan (NIST SP 800-34 template)

  • 15

    Personally Identifiable Information Processing and Transparency (PT)

    • Introducing NIST Privacy Controls

    • Introduction to Privacy (part 2): Why it is important

    • Introduction to Privacy Policy - NIST 800

    • Personally Identifiable Information (PII) Processing and Transparency (PT) NIST controls

    • NIST 800-53 PT-2, Authority to Process PII

    • NIST 800-53 PT-3, PII Processing Purposes

    • NIST 800-53 PT-4, Consent; PT-5, Privacy Notice; and PT-6, System of Records Notice

    • NIST 800-53 Privacy Threshold Analysis (PTA)

    • NIST 800-53, Privacy Impact Assessment (PIA)

    • SORN: Perishable Agricultural Commodities Act (PACA)--Oracle Database (SAMPLE)

    • NIST 800-53, SORN Guide

    • NIST 800-53 PIA template

    • PTA Sample

    • PTA Template

    • System of Records Notice (SORN)

    • SORN Samples

    • PT Controls Downloads

    • Privacy Acts and Laws

    • Other Privacy Laws FTC, EU

  • 16

    Physical and Environmental Controls (PE)

    • NIST 800-53 - PE Controls - My Physical Security Background

    • NIST 800-53 - PE Controls - Defense in Depth

  • 17

    Identification and Authentication (IA)

    • Identification & Authentication (NIST 800-37 & 800-53)

    • What is Identification and Authentication (IA)? (NIST 800)

    • Types of Identification and Authentication

    • Identification and Authentication Policy

    • NIST Security Policy Walkthrough, IA part 1: Purpose

    • NIST Security Policy Walkthrough, IA part 2: Authority and Law

    • NIST Security Policy Walkthrough, IA part 3: Effective Policy

    • NIST Security Policy Walkthrough, IA part 4: Policy Template

    • NIST Security Policy Walkthrough, IA part 5: Resources

    • NIST Security Policy Walkthrough, IA part 6: Procedures (1)

    • NIST Security Policy Walkthrough, IA part 7: Procedures (2)

    • Identification & Authentication IA-2 (NIST 800-37 & 800-53)

    • Identification & Authentication: The Main IA Controls (NIST 800-37 & 800-53)

Testimonials

Kudos

Sam

Hi Bruce, I wanted to send you kudos on your course and video materials. The free course RMF ISSO: Security Controls was a great intro for me for a project I am working on. In fact, it was so good that when I finished, I immediately signed up for your paid course on Security Controls. Keep up the great work.
