November 5-6, 2018

Implementing 2018 FISMA & Federal Cybersecurity Changes


If you work for a Federal Agency, the Military, or supporting contractor organization, this 2-day non-technical training seminar will cover all the recently released Cyber Policy and Regulations covering the concepts, processes, solutions, templates, and strategies to help you meet all the FISMA and related cybersecurity requirements.

The May 2017 Presidential Executive Order (PEO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure instructed each agency to “use The Cyber Security Framework” developed by the National Institute of Standards and Technology (NIST) in an attempt to improve Risk Management.  On May 19, 2017 OMB issued M-17-25 outlining a number of actions to enhance cybersecurity across federal agencies.  NIST is also in process of updating both the Risk Management Framework (RMF – SP800-37, Rev 2) and System and Privacy Control Catalog (SP800-53, Rev 5) guidance.  With all this new information and proposed changes, what will you be required to implement to your existing documents and procedures?  This seminar will put these developments into perspective and provide effective strategies for complying with the changes.

Additionally, this training seminar will identify new opportunities for innovative processes, controls, products and services necessary to support these Presidential and NIST changes.

The seminar will review of all the requirements, which include the following:

OMB Circular A-130:  On-going authorization, eliminate inefficient and wasteful reporting, leveraging the Cybersecurity Framework, new incident response reporting

DHS Secretary Binding Operational Directives (BOD):  BOD-16-1 – Security High Value Assets (HVA) and BOD-16-2 – Threat to Network Infrastructure Devices

FISMA Metrics:  Chief Information Officer (CIO), Inspector General (IG), and Senior Agency Official for Privacy (SAOP)

Frameworks:  System Development Life Cycle (SDLC), Risk Management Framework (RMF), Department of Defense (DoD) RMF, Cybersecurity Framework (CSF), System Security Engineering Framework (SSEF)

Guidance:  CSF, SP800-37 Rev 2, SP800-53 Rev 5, Automation Support for Ongoing Assessment (NISTIR 8011), NIST Cybersecurity Practice Guides (SP1800 Series)

Automation:  Continuous Diagnostic Mediation (CDM) Solutions and Dashboard, Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), and Security Content Automation Protocol (SCAP).

DHS Activities:  EINSTIEN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews.

Clouds:  Federal Risk and Authorization Management Program (FedRAMP).

Guest speakers from NIST and DHS will be providing current information and guidance related to trends and the new FISMA reporting metrics, processes, standards, solutions, and requirements, current and future.  Jim Litchko, CISSP-ISSEP, the seminar instructor, brings real-world practical experience from supporting over 300 FISMA Agency, Military, Intelligence, and Commercial authorizations and continuous monitoring programs for systems in military, public and private sectors.  Additionally, he brings 20 years of experience in developing and selling security products and services to the public and private sectors.

Bottom Line – This training seminar will make sense of all the recent changes and assist class participants in implementing the changes to successfully meet your FY18 RMF security and FISMA Metrics.

The course was built on the popular 2-day Meeting FISMA Requirements course that has been taught for the past seven years.  All exercises are new to ensure they relate to current systems and solutions use practical strategies for leveraging recent changes into meeting your individual and enterprise FISMA responsibilities in FY18.  Attendees will gain a practical understanding of the strategies by working real-world examples during group activities and by reviewing actual samples of key FISMA documents.

Course Attendees Will

  • Gain an understanding of the cybersecurity frameworks, updated requirements and processes
  • Understand how the new Presidential and NIST changes and requirements will affect their security programs
  • Receive strategies on how to leverage these changes to improve their security and make their FISMA efforts more effective
  • Learn how to conduct a risk assessment and use the results to identity and justify more effective security solutions and gain additional resources
  • Understand the CDM, SCAP, HBSS, and ACAS automated security solutions for meeting the President’s and OMB ISCM implementation requirements
  • Review and obtain a real-world example of solutions and reference documents
  • Identify new opportunities for innovative processes, controls, products, and services necessary to support these Presidential and NIST changes.

Learning objectives

The learning objectives for this two-day, Executive, Manager and Operations Level course, are broad-ranging and include a number of concepts and strategies, including understanding the

  • Requirements of the new Presidential, FISMA and NIST requirements
  • Updated NIST CSF, Risk Management Framework (RMF – SP800-37, Rev 2), Security and Privacy Controls Catalog (SP800-53, Rev 5), and others
  • EINSTIEN, TIC, MTIPS, CDM, HBSS and ACAS solutions
  • Potential strategies for effectively meeting the new requirements
  • Methods for reducing the amount of resources and paperwork
  • New opportunities for innovative processes, controls, products and services necessary to support these Presidential and NIST changes

Course Instructor

James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates, Inc.

James LitchkoMr. Litchko has been working as a security expert for over 30 years.  Jim created and taught the first graduate computer security course as an adjunct professor at Johns Hopkins University for ten years, military officer for twenty years, and was a project manager and executive at NSA for five years.  He has supervised and supported the securing of over 300 military, government and commercial IT systems.  Over the past seven years alone, he has supported the securing of IT systems at DHS, VHA, NASA, DOE, EPA, GAO, USDA, USAF, DOJ, and FEMA.  

Currently, he is a senior security expert for Litchko & Associates and is a Certified (ISC)2 Instructor teaching the CISSP, Engineering Professional (ISSEP), and Certified Authorization Professional (CAP) review courses, and the DIACAP and Continuous Monitoring courses for (ISC)2, Global Knowledge, Digital Government Institute, and Johns Hopkins University.  

A student of Ken Blanchard, Ph.D., the author of The One-Minute Manager®, Jim holds a Masters degree from Johns Hopkins University and has authored five books on security and management topics, to include:   FY2016 DoD RMF Manual, FY2016 FISMA Authorization Process Guide: A Review for the (ISC)2® CAP® Certification Exam, KNOW IT Security, KNOW Your Life, 2010 Official DIACAP for Global Knowledge, and co-authored (ISC)2’s Official Information System Security Management Professional, Cyber Threat Levels Response Handbook, and Know Cyber Risk. Soon to be released, Implementing Practical Cybersecurity.




VA Tech Northern Virginia Center

7054 Haycock Road

Falls Church, VA


Early Bird Government: $995 (ends October 26)

Early Bird Industry: $1,095 (ends October 26)


PMI® PMPs will earn 11 PDUs for attending this Training Seminar.

SSCP, CISSP, ISSEP, ISSMP, ISSAP, CSSLP or CAP credential holders from (ISC)2 can receive 11 Continuing Professional Education (CPE) credits. Credential holders must enter their CPE credits in the usual manner on the (ISC)2 website.

CISA, CISM, CRISC and CGEIT credential holders from ISACA can earn 11 CPE credits.  (Any course that pertains to at least one of the job practice areas of the certification will qualify for CPEs. It is up to the certified person to determine if the course or activity qualifies for CPE.)

Why attend?

Explore in a vendor-neutral, interactive, academic setting and learn how to effectively implement RMF, meet the new DHS, DOD, OMB and NIST FISMA requirements, and use practical strategies and automated tools in your organization to increase the security of your IT systems.

What Past Attendees said:

“I learned a lot and was able to ask questions about specific issues after class.”

“I’ve attended other related training and this was by far the best value.”

“Litchko is seasoned and really good at maintaining interest.”

PMI, PMP are registered trademarks of The Project Management Institute.