Security Controls Assessor Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.
The Security Control Assessment (SCA) is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing and examining information system security prior to or after a system is in operation. The SCA process is used extensively in the U.S. Federal Government under the RMF Authorization process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.
This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.
The goal of the SCA activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are: implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
- Review of the SCA role in RMF
- SCA Criteria and Requirements
- Assessing Controls – The Process
- Managerial Control Reviews
- Technical Control Reviews
- Operational Control Reviews
- SCA Reporting
Who should attend?
This training is intended to serve DoD personnel and supporting contractors who have a responsibility to assess security posture by evaluating RMF security Controls. There is no pre-requisite but RMF training is highly suggested to accompany the Security Control Assessor Workshop.
This two-day training program teaches a well-developed approach to evaluation and testing of security controls to prove they are functioning as correctly in today’s IT systems.
The Security Control Assessor Workshop will initially be offered as an online, instructor-led class, using our Online Personal Classroom™ technology.
The Security Control Assessor Workshop is also available as an add-on to the RMF course to organizations wishing to obtain “on site” RMF training for a group of students.
Discount pricing is available when this class is combined with RMF for DoD IT. Please contact us for details.
We have an assortment of supplemental classes that can be bundled with the RMF for DoD IT to enhance your RMF training experience. By bundling you can receive a considerable discount on the supplemental classes.
“Per student” fee for regularly-scheduled Security Control Assessor Workshop courses is as follows:
Security Controls Assessor Workshop (two day) – $ 1,395
Payment options for regularly-scheduled training are as follows:
Credit card – Visa, MasterCard and American Express
SF182 – government entities may submit an SF182 for invoicing after completion of training
PO – purchase orders are accepted from government and major corporate entities