RMF and Supply Chain Security
(One Day)
Today, our organizations rely on digital technology more than ever to accomplish critical mission/business functions. The information and communications technology (ICT), operational technology (OT), and IT services that organizations acquire are part of complex, globally distributed, extensive, and interconnected supply chain ecosystems that comprise geographically diverse routes and consist of multiple levels of outsourcing. These facts present risks known as “supply chain injection” attacks, which have seen a significant increase since 2018.
To mitigate and manage these risks, your organization needs a NIST-compliant Cybersecurity Supply Chain Risk Management (C-SCRM) program that differs from traditional supply chain risk management programs, which mainly deal with materiel and non-IT assets. This course will assist your organization in developing a tailored C-SCRM program that is cost-effective and addresses the C-SCRM requirements (implementation statements and assessment procedures) introduced in NIST SP 800-53 Rev 5.
Subject Areas Covered:
- Establish a C-SCRM team and determine roles and responsibilities.
- Basis for determining whether a technology, service, system component, or system is fit for purpose, and as such, the controls need to be tailored accordingly.
- Address requirements for developing trustworthy, secure, privacy-protective, and resilient system components and systems.
- Address the management, implementation, and monitoring of C-SCRM controls
- Determine C-SCRM risk tolerance
- Identifying and assessing C-SCRM risks
- Determining appropriate risk response actions and acceptable C-SCRM risk mitigation strategies or controls.
- Description of and justification for C-SCRM mitigation measures taken
- Monitoring performance against plans
- Specify documentation protection requirements.
- Providing training, education, and awareness programs for personnel regarding C-SCRM and available mitigation strategies
- Train personnel to detect counterfeit system components
Who should attend?
RMF and Supply Chain Security is applicable to all federal and DoD personnel as well as members of the defense industrial base.
Duration
1 day
This one-day training helps learners understand how to implement necessary security controls to protect the DoD supply chain.
Course Overview & Outlines
Please click here for a detailed course overview and outline of RMF and Supply Chain Security.
Delivery Methods
The RMF and Supply Chain Security training program is offered on a regularly scheduled basis in:
Aberdeen | Charleston | Colorado Springs | Dayton | Huntsville | National Capital Region | Pensacola | San Antonio | San Diego | Seattle | Southern Maryland
Training is also available to distance learners via Online Personal Classroom™ technology.
RMF and Supply Chain Security is also available as a “Friday supplemental class” to organizations wishing to obtain “on site” RMF training for a group of students.
Bundling
Discount pricing is available when this class is combined with RMF for DoD IT. Please contact us for details.
We have an assortment of supplemental classes that can be bundled with RMF for DoD IT to enhance your RMF training experience. By bundling, you can receive a considerable discount on the supplemental classes.
Private Group Classes
If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.
Please click here to request a quote.
Training fees
“Per student” fee for regularly-scheduled RMF and Supply Chain Security is as follows:
Payment options for regularly-scheduled training are as follows:
How to Register
Registration for regularly-scheduled classes can be completed in two ways:
On-line (recommended).
Click here for online registration and payment.
By FAX or e-mail
Click here for a printable registration form.