Assessing Risk and Applying Security Controls to NISP Systems CS301.01

Description: This course provides students with guidance on applying policies and standards used throughout the U.S. Government to protect information within computer systems, as delineated by the Risk Management Framework (RMF) process. This course will also provide a comprehensive understanding of contractor requirements under the National Industrial Security Program (NISP).

The course is administered through eLearning prerequisites followed by instructor-led training.

Course Resources: N/A

Learning Objectives: This course is designed to teach participants how to:

  • Develop and maintain a comprehensive risk assessment report based on an ongoing risk assessment of the system environment.
  • Apply organizational resources to execute a robust information system (IS) security program in alignment with RMF requirements.
  • Select, implement, and assess appropriate security controls that protect the IS based on the identified risk to the system.
  • Implement and oversee procedures and measures for IS incident handling, response, and reporting.
    • Ensure insider threat awareness is addressed within the cleared contractor’s IS programs.
    • Ensure user activity monitoring data is analyzed, stored, and protected in accordance with established policies and procedures.
  • Develop and submit system security packages and supporting artifacts using the Enterprise Mission Assurance Support Service (eMASS), appropriately documenting and justifying all selected system controls.
    • Develop and maintain Plans of Action and Milestones (POA&Ms) that identify IS weaknesses, mitigating actions, resources, and timelines for corrective actions.
    • Submit the system security plan (SSP) and supporting artifacts to the Information Systems Security Professional (ISSP) using eMASS for the Authorizing Official’s (AO) review and consideration.
  • Implement continuous monitoring procedures and tools to identify and report system vulnerabilities, threats, and anomalies as necessary.
    • Collect and analyze audit records in accordance with the SSP.
    • Develop, maintain, and execute the Continuous Monitoring Strategy.

Delivery Method: Instructor-led

Length: 5 days

Target Audience: The target audience for this training includes Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and Facility Security Officers (FSOs) involved in the planning, management, and execution of security programs for cleared industry.

Number of Students per Course: N/A


  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: Students must earn a 75% passing score on the exam.

Prerequisites: Successful completion of the following eLearning courses:

  • CS150.16 – Introduction to the NISP RMF A&A Process
  • CS250.16 – Applying A&A in the NISP
  • CS300.16 – Technical Implementation of A&A in the NISP

The following eLearning courses are highly recommended to enhance students’ understanding of topics that will be discussed in class:

  • IS128.16 – Preparing the DD Form 254
  • DISA100.06 – Enterprise Mission Assurance Support Service (eMASS)

Credits Recommended/Earned:

System Requirements: Check if your system is configured appropriately to use STEPP.


CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.

Course Schedule

July 15-19, 2024 (Huntsville, AL)
September 9-13, 2024 (Linthicum, MD)
