Introduction to the NISP RMF A&A Process CS150.16

Description: This course introduces the National Industrial Security Program (NISP) Assessment and Authorization (A&A) Process.  The course provides training on the policies and standards used to protect information within computer systems in support of the Defense Counterintelligence and Security Agency's (DSS) mission.  In addition, the course identifies and defines the government and contractor roles and responsibilities.  It also includes the Risk Management Framework as it relates to the A&A Process.

Course Resources: Access this course's resources

Learning Objectives: This course is designed to enable students to:

  • Define A&A and the purpose of assessing and authorizing contractor information technology systems
  • Identify the legal, regulatory, and contractual requirements that govern the assessment and authorization process
  • Identify and define the government and contractor roles and responsibilities related to the A&A Process
  • Identify and define the components of the Risk Management Process
  • Identify key sources of risk
  • Identify and define security objectives, protection levels, and the need-to-know basis for confidentiality
  • Identify the relationship between system interconnection, information sharing, and securing classified information

Delivery Method: eLearning

Length: 2 hours

Target Audience: Department of Defense (DOD) information system users and other U.S. Government personnel and contractors within the NISP who have responsibility for evaluating information systems and certifying to the government that information systems meet security requirements


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: A passing score of 75% on the final exam allows students to print a certificate of successful completion.

Prerequisites: N/A

Credits Recommended/Earned:

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.