Skip to main content

BAI Announces Security Control Assessment (SCA) Workshop

By Alice Steger, Director of Sales & Marketing

Training Overview

Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.

The Security Control Assessment (SCA) is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing and examining information system security prior to or after a system is in operation. The SCA process is used extensively in the U.S. Federal Government under the RMF Authorization process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.

This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.

Who Should Attend

The SCA Workshop is recommended for all system owners, developers and staff, and will enable them to better prepare for independent assessment by DoD or federal agencies. SCA Workshop is also recommended for those currently performing independent assessment or those who aspire to do this work.

Training Goals

The goal of the SCA activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are:

+ Implemented correctly,

+ Operating as intended, and

+ Producing the desired outcome with respect to meeting the security requirements

for the system.

Course Prerequisites

A prerequisite to this course is a strong understanding of RMF, and it is highly recommended students complete the 4-day RMF training program prior to registration.

Delivery Methods

Security Control Assessment (SCA) will initially be offered as an online, instructor-led class, using our Online Personal Classroom™ technology.

Learn More

For additional information on Security Control Assessment (SCA) training, including initial dates for Security Control Assessment (SCA), please call BAI at 1-800-RMF-1903 or visit

Post Categories: BAI AnnouncementsRisk Management FrameworkRMF Training Tags: