Technical Implementation of Assessment & Authorization in the NISP CS300.06
This course contains a final exam.
Description: This course is the last in a series of three courses focusing on the Assessment and Authorization (A&A) of information systems under the National Industrial Security Program (NISP). It focuses more on technical aspects of the A&A process and guides students on assessing the system using the Security Content Automation Protocol (SCAP) Compliance Checker, Security Technical Implementation Guides (STIGs), and STIG Viewer.
Course Resources: Access this course's resources
Learning Outcomes: This course is designed to enable students to:
- Install and properly configure the SCAP Compliance Checker and STIG Viewer
- Perform the steps used to conduct a SCAP scan to assess risks to information systems
- Identify mitigation strategies of a known vulnerability
- Identify unmitigated vulnerabilities required to be included in a Plan of Action & Milestones (POA&M)
Length: 60 minutes
Target Audience: Security personnel tasked with implementation and oversight of cybersecurity and associated A&A requirements within the networked environment.
These personnel have the following roles:
- Information System Security Manager (ISSM)
- Facility Security Officer (FSO)
- Information System Security Officer (ISSO)
- Information System Security Professional (ISSP)
- Information Technology (IT) and Industrial Security personnel
Number of Student per Course: N/A
- Clearance Requirement: N/A
- Attendance Requirement: N/A
- Exam Requirements:Students must earn a 75 percent grade average on the CS300.06 course exam.
- ACE Credit Recommendation: (What's this?) N/A
- Continuing Education Units per IACET: N/A
- Professional Development Units per SPeD: 3
Additional System Requirements: Check if your system is configured appropriately to use STEPP.
CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.