Assessing Risk and Applying Security Controls to NISP Systems CS301.01

Note: CDSE will review the local and DOD COVID-19 restrictions within 30 days of each instructor-led course and may cancel the course based on the results. In this case, the CDSE Registrar’s Office will notify students to reschedule for a future offering.

Description: This course provides students with guidance on applying policies and standards used throughout the U.S. Government to protect information within computer systems, as delineated by the Risk Management Framework (RMF) process. This course will also provide a comprehensive understanding of contractor requirements under the National Industrial Security Program (NISP).

The course is delivered in two parts: the eLearning prerequisites listed below, followed by instructor-led training.

Course Resources: N/A

Learning Objectives: This course is designed to teach participants how to:

  • Develop and maintain a comprehensive risk assessment report based on an ongoing risk assessment of the system environment.
  • Apply organizational resources to execute a robust information system (IS) security program in alignment with RMF requirements.
  • Select, implement, and assess appropriate security controls that protect the IS based on the identified risk to the system.
  • Implement and oversee procedures and measures for IS incident handling, response, and reporting.
    • Ensure insider threat awareness is addressed within the cleared contractor’s IS programs.
    • Ensure user activity monitoring data is analyzed, stored, and protected in accordance with established policies and procedures.
  • Develop and submit system security packages and supporting artifacts using the Enterprise Mission Assurance Support Service (eMASS), appropriately documenting and justifying all selected system controls.
    • Develop and maintain Plan of Action and Milestones (POA&Ms) in order to identify IS weaknesses, mitigating actions, resources, and timelines for corrective actions.
    • Submit the system security plan (SSP) and supporting artifacts to the Information Systems Security Professional (ISSP) using eMASS for the Authorizing Official’s (AO) review and consideration.
  • Implement continuous monitoring procedures and tools to identify and report system vulnerabilities, threats, and anomalies as necessary.
    • Collect and analyze audit records in accordance with the SSP.
    • Develop, maintain, and execute the Continuous Monitoring Strategy.

Delivery Method: Instructor-led

Length: 5 days

Target Audience: The target audience for this training includes Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and Facility Security Officers (FSOs) involved in the planning, management, and execution of information system security programs for cleared industry.

Number of Students per Course: N/A


  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: Students must earn a 75% passing score on the exam.

Prerequisites: Successful completion of the following eLearning courses:

  • CS150.16 – Introduction to the NISP RMF A&A Process
  • CS250.16 – Applying A&A in the NISP
  • CS300.06 – Technical Implementation of A&A in the NISP

Credits Recommended/Earned:

  • ACE Credit Recommendation: N/A
  • Professional Development Units per SPēD: N/A

System Requirements: Check if your system is configured appropriately to use STEPP.


CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.

Course Schedule

Dec 06-10, 2021 (Linthicum, MD) Cancelled 

Mar 21-25, 2022 (Linthicum, MD)

Jun 27-Jul 01, 2022 (Linthicum, MD)

Sep 12-15, 2022 (Linthicum, MD)
