Security Controls Workshops (Step 3 & 4)

The most difficult parts of RMF are Step 3 (Implement) and Step 4 (Assess). We now offer this training in three flexible formats to suit your needs: take the Implementation course, the Assessment course, or the combined 4-Day Masterclass for total mastery.

Security Control Implementation Workshop

2 Days

Step 3: Implement

The Security Controls Implementation Workshop is an in-depth dive into Step 3 of the Risk Management Framework process: Implement Security Controls. The course takes the student through the entire process, concentrating on key areas of the process. Upon completion, the student can confidently return to their respective organizations and ensure the highest level of success for the most difficult part of the RMF process.

Key Areas Covered:

In-depth project planning for controls implementation.
The concept of Traceability.
The concept of “Holistic Security”.
Documenting test results the right way.
The role of STIGs in the process.
Critical security controls review.

Security Control Assessment Workshop

2 Days

Step 4: Assess

The Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls using the tiered risk management approach.

The goal of the assessment activity is to determine the extent to which the controls are: implemented correctly, operating as intended, and producing the desired outcome.

Course Outline:

Review of the SCA role in RMF
Assessment Criteria & Requirements
Assessing Controls – The Process
Managerial Control Reviews
Technical Control Reviews
Security Control Assessment Reporting

Security Control Implementation & Assessment Workshop

4 Days

Best Value Bundle

The Security Controls Implementation and Assessment Workshop is a 4-day class consisting of both the Implementation Workshop and the Assessment Workshop. This bundle gives students the information they need to complete steps 3 & 4 of the Risk Management Framework. Both courses were developed in tandem to complement each other providing students an advanced understanding of security controls implementation and assessment in a four-day bundle.

Who Should Attend?

This training is intended to serve DoD personnel and supporting contractors who have a responsibility to implement and/or assess security posture by evaluating RMF security Controls. There is no pre-requisite but RMF training is highly suggested.

The Writers (ISSOs)

Those who must write the System Security Plan (SSP) and describe how a control is met.

The Testers (SCAs)

Assessors and Auditors who need to develop valid test plans to verify compliance.

Control Owners

Subject Matter Experts (SMEs) responsible for the specific technology (DBAs, Network Admins).

Frequently Asked Questions

Can I take just one of the 2-day workshops?

Yes. If you only require training on Implementation (Step 3) or Assessment (Step 4), you may register for those individually. However, the 4-day bundle offers the most comprehensive understanding of how the two steps interact.

Do you cover NIST 800-53 Rev 4 or Rev 5?

We cover both. The industry is currently transitioning. We highlight the major changes in Rev 5 (privacy integration, supply chain) while ensuring you can still support legacy Rev 4 systems.

Security Controls Implementation & Assessment Workshops

Security Control Implementation Workshop

Key Areas Covered:

Security Control Assessment Workshop

Course Outline:

Security Control Implementation & Assessment Workshop

Who Should Attend?

The Writers (ISSOs)

The Testers (SCAs)

Control Owners

Frequently Asked Questions

Register for a Session

4-Day Bundle (Step 3 & 4)

Implementation (2 Days)

Assessment (2 Days)

Need a Private Session?