Assessing Risk and Applying Security Controls to NISP Systems CS301.01

Note: CDSE will review the local and DOD COVID-19 restrictions within 30 days of each instructor-led course and may cancel the course based on the results. In this case, the CDSE Registrar’s Office will notify students to reschedule for a future offering.

Description: This course provides students with guidance on applying policies and standards used throughout the U.S. Government to protect information within computer systems, as delineated by the Risk Management Framework (RMF) process. This course will also provide a comprehensive understanding of contractor requirements under the National Industrial Security Program (NISP).

The course is administered through eLearning prerequisites and instructor-led training.

Course Resources: N/A

Learning Objectives: This course is designed to teach participants how to:

  • Develop and maintain a comprehensive risk assessment report based on an ongoing risk assessment of the system environment.
  • Apply organizational resources to execute a robust information system (IS) security program in alignment with RMF requirements.
  • Select, implement, and assess appropriate security controls that protect the IS based on the identified risk to the system.
  • Implement and oversee procedures and measures for IS incident handling, response, and reporting.
    • Ensure insider threat awareness is addressed within the cleared contractor’s IS programs.
    • Ensure user activity monitoring data is analyzed, stored, and protected in accordance with established policies and procedures.
  • Develop and submit system security packages and supporting artifacts using the Enterprise Mission Assurance Support Service (eMASS), appropriately documenting and justifying all selected system controls.
    • Develop and maintain Plan of Action and Milestones (POA&Ms) in order to identify IS weaknesses, mitigating actions, resources, and timelines for corrective actions.
    • Submit the system security plan (SSP) and supporting artifacts to the Information Systems Security Professional (ISSP) using eMASS for the Authorizing Official’s (AO) review and consideration.
  • Implement continuous monitoring procedures and tools to identify and report system vulnerabilities, threats, and anomalies as necessary.
    • Collect and analyze audit records in accordance with the SSP.
    • Develop, maintain, and execute the Continuous Monitoring Strategy.

Delivery Method: Instructor-led

Length: 5 days

Target Audience: The target audience for this training includes Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and Facility Security Officers (FSOs) involved in the planning, management, and execution of security programs for cleared industry.

Number of Students per Course: N/A

  • Clearance Requirements: N/A
  • Attendance Requirements: Full-time attendance
  • Exam Requirements: Students must earn a 75 percent cumulative grade average of all the practical exercises, quizzes, and exams.

Prerequisites: Successful completion of the following eLearning courses:

  • CS150.16 – Introduction to the NISP RMF A&A Process
  • CS250.16 – Applying A&A in the NISP
  • CS300.06 – Technical Implementation of A&A in the NISP

Credits Recommended/Earned:

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.

Course Schedule

Sep 12-16, 2022 (Linthicum, MD) Cancelled
Dec 05-09, 2022 (Linthicum, MD) Registration Closed
Mar 20-24, 2023 (Linthicum, MD)
Jun 05-09, 2023 (Linthicum, MD)
Aug 21-25, 2023 (Linthicum, MD)
