
Taught by a Navy Qualified Validator, this 5-Day course enables the learner to thoroughly implement and document the necessary security controls in preparation for assessment as well as understand the assessment process in order to be an active participant and ensure the assessment is successful. The fifth day provides an in-depth analysis of STIGs and how the STIGs are incorporated into the implementation and assessment of the security controls.

Live online events

  • 22 July
    5 days, 10:00 AM EDT - 05:00 PM EDT
    • PD hours: 40
    • $2,995.00 excl.
  • 12 August
    5 days, 10:00 AM EDT - 04:00 PM EDT
    • PD hours: 40
    • $2,995.00 excl.
  • 16 September
    5 days, 10:00 AM EDT - 05:00 PM EDT
    • PD hours: 40
    • $2,995.00 excl.
  • 28 October
    5 days, 10:00 AM EDT - 05:00 PM EDT
    • PD hours: 40
    • $2,995.00 excl.
  • 18 November
    5 days, 10:00 AM EST - 05:00 PM EST
    • PD hours: 40
    • $2,995.00 excl.
  • 02 December
    5 days, 10:00 AM EST - 05:00 PM EST
    • PD hours: 40
    • $2,995.00 excl.


Security Controls Implementation Workshop (Days 1 & 2) is an in-depth dive into Step 4 of the Risk Management Framework process, Implement Security Controls. The course will take the student through the entire process, concentrating on key areas of the process (see below). Upon completion of the course, the student can confidently return to their organization and ensure the highest level of success for the most difficult part of the RMF process.

Key Areas:

  • In-depth project planning for security controls implementation.
  • The concept of traceability.
  • The concept of “holistic security”.
  • How to properly implement security controls.
  • In-depth review of the most critical security controls and how to implement them.
  • Review of student-selected security controls and their implementation.
  • Documenting test results the right way.
  • The role of STIGs in the process.
  • And many more.


Security Controls Assessment Workshop (Days 3 & 4) provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.

The Security Control Assessment is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing and examining information system security prior to or after a system is in operation. The security control assessment process is used extensively in the U.S. Federal Government under the RMF Authorization & Assessment process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.

This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.

The goal of the assessment activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are: implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Key Areas:

  • Review of the SCA role in RMF
  • Security Control Assessment Criteria and Requirements
  • Assessing Controls – The Process
  • Managerial Control Reviews
  • Technical Control Reviews
  • Operational Control Reviews
  • Security Control Assessment Reporting

STIG 101 (Day 5) is an intensive 1-day course that offers participants a deep dive into the world of DISA Security Technical Implementation Guides (STIGs) through a hands-on virtual workshop experience. Designed for IT professionals and security practitioners within the Department of Defense (DoD) and beyond, this workshop provides a comprehensive understanding of STIGs and practical skills for implementing them effectively.

Throughout the day, participants will engage in a series of hands-on activities conducted within a virtual machine environment. These activities are carefully crafted to simulate real-world scenarios, allowing participants to gain practical experience in applying STIG requirements to various IT systems and technologies.

Key topics covered in the workshop include:

  • Introduction to DISA Security Technical Implementation Guides (STIGs)
  • Understanding STIG architecture and components
  • Interpreting STIG requirements and controls
  • Implementing STIGs in a virtual machine environment
  • Assessing system compliance and remediating non-compliance issues
  • DoD Provided Tools (STIG Viewer, SCC, and Evaluate-STIG)
  • Best practices for maintaining STIG compliance over time

By the end of the workshop, participants will have acquired the knowledge and skills necessary to confidently implement and maintain DISA STIGs within their organizations. Whether you're a seasoned IT professional or new to the world of STIGs, this workshop offers invaluable hands-on experience to enhance your cybersecurity capabilities and ensure compliance with DoD security standards. Join us for this immersive learning experience and take your STIG implementation skills to the next level!


Course Prerequisites

While no prerequisites are required for enrollment in this course, possessing a foundational comprehension of information security principles and a grasp of compliance and regulatory standards is advantageous. Familiarity with concepts like confidentiality, integrity, availability, risk assessment, and vulnerability management is beneficial. Prior experience in IT or cybersecurity is recommended to enhance your learning experience.

Hardware requirements: any PC that can run Zoom in the browser or the Zoom app.

Private Group Classes

If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.

Please click here to request a quote.

Who Should Attend

This training is intended to serve DoD personnel and supporting contractors who have a responsibility to implement and/or assess security posture by evaluating RMF security controls. There is no prerequisite, but RMF training is highly suggested to accompany the Security Control Implementation and Assessment Workshop.