Independent Testing for Risk Management Framework (RMF) Assessment Test Plan (ATP) (CPE = 20 hours)

Description

This course describes the method by which the security controls will be assessed.  In addition, the test methodology, test procedures, and test tools are described to ensure consistency and repeatability of the assessment process.  The execution of this plan provides the assessment results, which are used as the basis for the decision by the Authorizing Official.

This course is primarily aimed at Information Assurance (IA) and Cyber Professionals that have been given the task of assessing or auditing the cyber profile of their assets.  However, not all organizations have the luxury of a having a formally trained, full-time IA/Cyber expert on-staff.  In many cases, programmers, network engineers, system administrators, managers and even users are given the undoubting task of performing security duties.  This course attempts to address the subject in a way that fulfills the needs of all of you, regardless of your level of experience.

Independent Testing, ATP, Overview

1. Introduction
2. Terminology
3. Threat, Vulnerability, and Risk
4. Applicable Laws, Policies, Directives, and Standards
5. Roles and Responsibilities
6. Risk Management Framework (RMF)
7. Assessment Environment
8. Assessment Methodology
9. RMF Phase I - Implementation
10. RMF Phase II - Assessment
11. RMF Phase III - Authorization
12. RMF Phase IV - Continuous Monitoring