Implement the New NIST RMF Standards and Meet the 2022 FISMA Metrics

Day 1
8:00AM Seminar Overview and Introductions
8:30AM Review of New Requirements – Presidential, OMB, DHS and NIST
  • President’s Executive Order 14028
  • OMB Memos and Directives – 2021 FISMA Guidance, Privacy Reporting and On-Going Authorization, A-130
  • DHS Binding Operational Directives (BODs) and Emergency Directives (EDs)
  • Risk Management Framework (RMF) – SP800-37
  • Cybersecurity Framework (CSF) – NIST CSF
  • System Development Lifecycle (SDLC) – SP800-64
  • Systems Security Engineering Framework (SSEF) – SP800-160
  • High Value Assets (HVA) and Controlled Unclassified Information (CUI) Frameworks – OMB M-17-09 and SP800-171
9:50AM Morning Break
10:00AM NIST Special Publications Update
  Guest Speaker: Information Security Specialist, National Institute of Standards and Technology (NIST)
11:10AM Authorization Boundary Identification
  • Attendee Real-World System Identification
  • Authorization Boundary Identification Exercise
12:00PM Lunch Break
 1:00PM DHS Cybersecurity Initiatives Update
  Guest Speaker: Cyber Security Division (CSD), U.S. Department of Homeland Security (DHS)
2:00PM Afternoon Break
2:10PM System Categorization
  • Categorize Real-World System Exercise
  • Boundary and Control Review
2:45PM Simplified Risk Assessments
  • Risk Modeling:  Quantitative, Qualitative, and Hybrid – SP800-30/SP800-39
  • Categorization – FIPS-199/SP800-60
  • System Maximum Impact Level – SP800-30/SP800-39/SP800-60
  • Security Control Baseline/Best Practices – FIPS 200/SP800-53
  • Zero-Trust Architecture
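The categorization and baseline-selection steps listed above (FIPS 199 high-water mark over the information types a system handles, the LOW floor FIPS 199 applies at the system level, and the overall impact level that picks the FIPS 200 / SP800-53B baseline), as an added Python example. This is not seminar material; the information types and their impact levels are constructed for illustration and are not taken from SP800-60 Volume II.

```python
"""FIPS 199 security categorization of a system from its information types.

Added example, not part of the seminar. It encodes the procedure in FIPS 199
section 3 and SP 800-60 Vol. I section 4: per-objective high-water mark across
information types, the LOW floor at the system level, and the overall level
that selects the control baseline. Sample information types are constructed.
"""

LEVELS = {"NA": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
NAMES = {v: k for k, v in LEVELS.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")


def info_type(name, confidentiality, integrity, availability, rationale=""):
    """One information type with its (possibly adjusted) impact levels.

    FIPS 199 permits "NA" only for the confidentiality of public information;
    integrity and availability always carry a real impact level. SP 800-60
    expects a documented rationale when a provisional level is adjusted.
    """
    levels = {
        "confidentiality": confidentiality,
        "integrity": integrity,
        "availability": availability,
    }
    for objective, level in levels.items():
        if level not in LEVELS:
            raise ValueError(f"{name}: unknown impact level {level!r} for {objective}")
        if level == "NA" and objective != "confidentiality":
            raise ValueError(f"{name}: NA is only permitted for confidentiality")
    return {"name": name, "levels": levels, "rationale": rationale}


def adjust(it, objective, new_level, rationale):
    """Return a copy with one provisional level adjusted and the reason recorded."""
    if not rationale:
        raise ValueError("an adjustment must carry a documented rationale")
    levels = dict(it["levels"])
    levels[objective] = new_level
    return info_type(it["name"], levels["confidentiality"], levels["integrity"],
                     levels["availability"], rationale)


def high_water_mark(info_types):
    """Per-objective maximum across every information type the system handles."""
    return {
        objective: max(LEVELS[it["levels"][objective]] for it in info_types)
        for objective in OBJECTIVES
    }


def categorize_system(info_types):
    """Return (per-objective levels, overall level, FIPS 199 SC notation).

    At the system level FIPS 199 sets a LOW floor, so a system that handles
    only public information still categorizes as LOW, never NA.
    """
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    hwm = high_water_mark(info_types)
    levels = {o: NAMES[max(v, LEVELS["LOW"])] for o, v in hwm.items()}
    overall = NAMES[max(LEVELS[v] for v in levels.values())]
    sc = "SC = {" + ", ".join(f"({o}, {levels[o]})" for o in OBJECTIVES) + "}"
    return levels, overall, sc


def select_baseline(overall):
    """FIPS 200: the overall impact level selects the SP 800-53B baseline."""
    return f"SP 800-53B {overall} baseline"


# Constructed sample information types (not SP 800-60 Vol. II values).
PUBLIC_AFFAIRS = info_type("Public Affairs", "NA", "LOW", "LOW")
PERSONNEL_RECORDS = info_type("Personnel Records", "MODERATE", "MODERATE", "LOW")
EMERGENCY_RESPONSE = info_type("Emergency Response", "LOW", "HIGH", "HIGH")


def public_site():
    """A system handling only public content: every objective floors to LOW."""
    return categorize_system([PUBLIC_AFFAIRS])


def mission_system():
    """Mixed information types: the single HIGH objective drives the baseline."""
    levels, overall, sc = categorize_system(
        [PUBLIC_AFFAIRS, PERSONNEL_RECORDS, EMERGENCY_RESPONSE])
    return levels, overall, sc, select_baseline(overall)


if __name__ == "__main__":
    for result in (public_site(), mission_system()):
        print(result)
```

Categorize before tailoring: the per-objective levels, not just the overall level, are what the SSP records and what later scoping decisions (for example, relaxing confidentiality controls on a system whose only HIGH objective is availability) must be justified against.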
4:00PM Adjourn
Day 2
8:00AM Security Controls (SP800-53 and SP800-53B)
  • Families
  • System-specific, Common and Hybrid
  • Tailoring
9:00AM Security Control Exercises
  • System-specific, Common and Hybrid Security Control Exercises
10:00AM Morning Break
10:10AM Tailoring and Compensating Control Exercises
11:00AM Leverage Government Initiatives
  • Security Content Automation Protocol (SCAP)
  • DoD Host-Based Security System (HBSS) Solutions
  • Assured Compliance Assessment Solution (ACAS)
  • Continuous Diagnostics and Mitigation (CDM) Program
  • Continuous Monitoring Dashboard
  • Binding Operational Directives (BODs), EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene
  • Reviews
12:00PM Lunch Break
1:00PM Cloud and Security Services
1:30PM Cloud Authorization and Reauthorization Processes – FedRAMP
  Guest Speaker: Technology Transformation Services (TTS), Federal Risk and Authorization Management Program (FedRAMP) Office
2:15PM Afternoon Break
2:30PM Security Plans – SP800-18
  • Operations Manual and System Security Plan (SSP) – SP800-18
  • Security-focused Configuration Management Plan (SecCMP) – SP800-128
  • Patch Management Plan (PMP) – SP800-40
  • Information Security Continuous Monitoring Plan (ISCMP) – SP800-137
  • Incident Response Plan (IRP) – SP800-61/SP800-83
  • Contingency Plan (CP) – SP800-34
  • Cybersecurity Framework and Privacy Control Framework
3:30PM Endpoint Detection and Response (EDR)
3:50PM Summary
4:00PM Adjourn
Note: Many products will be noted, but noting them is not an endorsement.