Implementing Security Controls Workshop
Implementing Security Controls is widely considered the most labor-intensive and technically demanding phase of the Risk Management Framework (RMF). It is where policy meets reality. In this workshop, we move beyond the theory of "what" needs to be done and focus on "how" to do it.
This course guides ISSOs, Engineers, and System Administrators through the process of configuring systems to meet NIST 800-53 requirements and—crucially—how to document those configurations in the System Security Plan (SSP).
Workshop Curriculum
We deconstruct the controls to show you exactly how to implement them within complex IT environments. This is a practical, hands-on exploration of RMF Step 3.
Core Learning Objectives:
- Strategic Planning: How to resource and plan for control implementation.
- Traceability: Correlating technical configurations (STIGs) to policy requirements.
- The SSP: Writing clear, concise control descriptions that pass assessment.
- Inheritance: Understanding Common Controls (Hybrid, Inherited, System-Specific).
- Documentation: Generating the evidence artifacts required for Step 4.
- Holistic Security: Moving beyond "checklist compliance" to actual security.
Who Should Attend?
The Writers (ISSOs)
If you are responsible for the System Security Plan (SSP), this course teaches you how to describe how a control is met, ensuring your language satisfies the SCA.
The Builders (Engineers)
System Admins, DBAs, and Network Engineers who need to translate "Access Control" policy into actual router ACLs and Group Policy Objects.
Course Details
Looking for Step 4?
We also offer a dedicated workshop on Assessing Security Controls.