Course Description
This course focuses on the proper assessment methods and procedures for controls defined in NIST SP 800-53 revision 4 and revision 5, as well as CNSSI 1253. It is designed to give cybersecurity and information security professionals who are responsible for assessing controls knowledge of the control assessment methods, technologies, best practices, and techniques needed to properly assess controls and document assessment results in their environment. Students gain an understanding of the 2 new control families defined in NIST SP 800-53 R5 as well as the 18 families defined in SP 800-53 R4 and CNSSI 1253, and an in-depth understanding of each control and how to assess each correctly.
Risk Management Framework (RMF): Security Control Assessor Dec 2025
Assessment principles
Control assessment of Federal Information Systems
Control assessment vs Penetration Testing
Control assessments and the RMF
Control assessments and the SDLC
Control assessment strategies
Control assessment Methods
Selecting qualified assessors
Foundations of control assessment
NIST Controls Overview
Management Controls
Operational Controls
Technical Controls
Manual vs automated assessment
In-depth review of control families and control assessment procedures
Access Control
Awareness and Training
Audit and Accountability
Assessment, Authorization, and Monitoring
Configuration Management
Contingency Planning
Identification and Authentication
Individual Participation
Incident Response
Maintenance
Media Protection
Privacy Authorization
Physical and Environmental Protection
Planning
Program Management
Personnel Security
Risk Assessment
System and Services Acquisition
Systems and Communication Protection
System and Information Integrity
Assessment Documentation
Control Assessment Plan
Control Assessment Report
Control assessment Resources
Automated Control Assessment Tools
Students learn and discuss the control assessment process as integrated with the System Development Life Cycle, including roles and responsibilities, references, and guidelines. They complete exercises relevant to completing assessments, for example preparing for the assessment with a properly developed assessment plan, conducting the assessment, and completing control artifacts for system authorization or continuous monitoring. Students will also learn and discuss the technologies, best practices, and procedures used in the control assessment. Other topics include life cycle activities in DoD Instruction 8510.01 (RMF for DoD IT), NIST Special Publication (SP) 800-53 security controls, NIST assessment procedures, and enhancements to CNSS Instruction 1253. Training will include lectures and class discussions, class and individual hands-on activities, case studies, and individual and team exercises.
Related Certificates
Earning a Saint Louis University Workforce Center certificate allows you to enhance your career options by networking with peers and establishing valuable industry contacts.
ISACA Professional Certificate
Artificial Intelligence and Large Language Models Foundations
Artificial Intelligence and Machine Learning for Cybersecurity Operations
Artificial intelligence (AI) and machine learning (ML) are revolutionizing the cybersecurity industry. The emergence of ML as a tool for...