Technical Implementation of Assessment & Authorization in the NISP CS300.06

Description: This course is the last in a series of three courses focusing on the Assessment and Authorization (A&A) of information systems under the National Industrial Security Program (NISP). It focuses more on technical aspects of the A&A process and guides students on assessing the system using the Security Content Automation Protocol (SCAP) Compliance Checker, Security Technical Implementation Guides (STIGs), and STIG Viewer.

Course Resources: Access this course's resources

Learning Objectives: This course is designed to enable students to:

  • Install and properly configure the SCAP Compliance Checker and STIG Viewer
  • Perform the steps used to conduct a SCAP scan to assess risks to information systems
  • Identify mitigation strategies of a known vulnerability
  • Identify unmitigated vulnerabilities required to be included in a Plan of Action & Milestones (POA&M)

Delivery Method: eLearning

Length: 60 minutes

Target Audience: Security personnel tasked with implementation and oversight of cybersecurity and associated A&A requirements within the networked environment.

These personnel have the following roles:

  • Information System Security Manager (ISSM)
  • Facility Security Officer (FSO)
  • Information System Security Officer (ISSO)
  • Information System Security Professional (ISSP)
  • Information Technology (IT) and Industrial Security personnel


  • General Requirements: N/A
  • Clearance Requirements: N/A
  • Attendance Requirements: N/A
  • Exam Requirements: A passing score of 75% on the final exam allows students to print a certificate of successful completion.

Prerequisites: N/A

Credits Recommended/Earned:

System Requirements: Check if your system is configured appropriately to use STEPP.

CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.