5-Day Course
The Information Security Continuous Monitoring for Federal Information Systems and Organizations Workshop explores new guidance, policy and procedures for implementing a well-developed and thorough strategy for building a continuous monitoring program in accordance with NIST SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 1), and 800-53 (Rev. 4).
This in-depth workshop builds on the principles of the NIST Risk Management Framework (Step 6) and supporting NIST guidance (Risk Management, Performance Measurements, Security Control Catalogue, Security Control Assessment Procedures, Configuration Management, System Development Life Cycle, etc.) to familiarize the student with the new continuous monitoring guidance relating to understanding the process, identifying procedures, developing an organizational strategy and, ultimately, incorporating a continuous monitoring program into the organizational mission/business functions.
$2,300.00 (GSA rates and volume discounts are available)
Materials Required: Students in mobile training classes must provide their own computers.
Course Materials Provided: Students will receive a workbook (to include instructional slides) and resource kit with applicable NIST and federal guidance.
We offer this workshop in the Kratos SecureInfo training classroom (San Antonio, TX or Chantilly, VA locations) or via mobile training at your facility for up to 15 students per course. Contact us at firstname.lastname@example.org or (210) 403-5600 (ask for the Training Department) for more information and pricing on mobile training options.
Who Should Attend?
- Individuals associated with the design, development, implementation, operation, maintenance and disposition of federal information systems. This includes individuals with:
  - mission/business ownership responsibilities or fiduciary responsibilities (e.g., heads of federal agencies, chief executive officers, chief financial officers)
  - information system development and integration responsibilities (e.g., program managers, information technology product developers, information system developers, information systems integrators, enterprise architects, information security architects)
  - information system and/or security management/oversight responsibilities (e.g., senior leaders, risk executives, authorizing officials, chief information officers, senior information security officers)
  - information system and security control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, information system owners)
  - information security implementation and operational responsibilities (e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information security architects, information system security engineers/officers)
Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)
- Workshop Overview/Objectives
- Key Terms
- Continuous Monitoring Background
- Purpose and Applicability
- Overview of Continuous Monitoring Process
Module 2: Continuous Monitoring Relationship to Other NIST Guidance
- NIST SP 800-39 – Risk Management Process
- NIST SP 800-55 – Defining Organizational Metrics and Measurements
- NIST SP 800-128 – Security Configuration Management for Information Systems
- NIST SP 800-37, Rev. 1 – NIST Risk Management Framework
- NIST SP 800-53, Rev. 4 – Security Control Catalogue
Module 3: The Fundamentals – Ongoing Monitoring in Support of Risk Management
- Organization-wide View of Continuous Monitoring
- Ongoing System Authorizations
- Role of Automation in Continuous Monitoring
- Technologies for Enabling ISCM
Module 4: The Process – Building a Continuous Monitoring Program
- Define Continuous Monitoring Strategy
- Establish an ISCM Program
Module 5: The Process – Implementing and Maintaining a Continuous Monitoring Program
- Implement a Continuous Monitoring Program
- Analyze Data and Report Findings
- Respond to Findings
- Review and Update the Monitoring Program and Strategy
Course Summary/Q&A Session
For course availability, please view our training schedule.
Questions about our corporate training may be directed to training@KratosSecureInfo.com, or call 888.753.8377. Ask about our mobile training capability--it may save you money!