Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

This class is designed for key personnel responsible for the management and implementation of the NIST SP800-37 Certification and Accreditation process. This course will provide a practical and historical reference to all relevant legislation and guidance. In addition, interactive workshops during the course will engage students to directly participation, thus ensuring a higher degree of retention and focus.  Note: This class can be easily tailored to meet the certification and accreditation needs of any organization.

Class Fee: $3,990
Time: 72 hrs
Learning Level: Entry to Intermediate
Contact Hours: 72 hr Lecture 22 hr labs
Prerequisites: Understanding of TCP/IP Protocols
Credits: 72 CPE / 3 CEU 4012, 4015, 4016A
Method of Delivery: Residential (100% face-to-face) or Hybrid
Instructor: TBD
Method of Evaluation: 95 % attendance 2. 100 % completion of Lab
Grading: Pass = Attendance+ labs & quizzes Fail > 95% Attendance

Sample Job Titles:
Information Systems Security Engineer
Intrusion Detection System (IDS) Administrator
Intrusion Detection System (IDS) Engineer
Intrusion Detection System (IDS) Technician
Network Administrator/Network Analyst
Network Security Engineer/ Network Security Specialist/ Security Analyst
Security Engineer/ Security Specialist
Systems Security Engineer

This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.

Who Should Attend Enterprise Network Defense (END) Infrastructure Support - Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources. Monitors the network to actively remediate unauthorized activities. DoD Information Security and IT managers; Information Assurance Officers and Managers; Information Security Analysts, Consultants and Contractors; Security and Certification Officials responsible for developing C&A packages
Text Materials: labs, SU Pen Testing Materials, resource CD’s and attack handouts.
Machines a Dual Core 4M Ram, 350 Gig drives, running MS OS, linux, and VMWare Workstation

KU outcomes:

Learning Objectives 50 hrs lecture/ 22 hrs labs
•Information System Security Administration, Management, Program Implementation and Documenting Mission Needs.
•Analyzing, Assessing, Measuring, Managing and Mitigating IS Threats, Vulnerabilities and Associated Risks.
•Legal Issues, Intrusion Forensics and Incident Response, Intrusion Prevention, Detection, Response, Recovery & Reporting.
•Physical, System, Data Access Control.
•Life-Cycle Security & Life-Cycle Management in Defending the Information Environment (Information Operations).
•Configuration Management, Consequence Management, Contingency and Disaster Recovery Planning (BCP)).
•Certification, Evaluation and Network Security Certification and Accreditation (C&A).
•System Certification Requirements including Policies, Processes, Procedures and Protocols.
•Fundamentals of Threat/ Vulnerability Analysis and Risk Management
•Countermeasure IS and Assessment
•Certification and Accreditation of systems
•Testing And Evaluation

The following outlines the scope and objectives for SU's Certification and Accreditation Workshop.

Business Needs / Course Goals for C&A  1 hrs Lecture  0 hr Labs
 Understanding Roles & Responsibilities
Phases 1-4 of C&A
Phases 1-9 of RA
Classification of System
Understanding Legislation
Understanding C&A in Lifecycle
Development phase to RA and C&A
Identifying Risk Assessment in C&A
Boundary Accreditation in a system environment
Identifying a system boundary
Accreditation Decision Model
Communicate what transpires in delivering a decision; IATO, Full Accreditation, Do Not Accredit
FISMA Scorecard
Positive and negative impacts
17 Baseline Management, Operational, & Technical Policies
Understanding policy source, relationships, procedures, controls, and testing

Levels of Certification and Starting the Review
At the beginning of a C&A project, the C&A team determines the impact of a loss of confidentiality, Integrity, or availability of the
system,  based on this impact level and guidance in the following documents, the C&A package is built.
•FIPS Publication 199 Standards for Security Categorization of Federal Information and Information Systems
•Special Publication 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories Volume I Volume II

The outcome of the C&A process is to put together a collection of documents that describe the security posture of the systems, an evaluation of the risks, and recommendations for correcting deficiencies. It is what's known as a Certification Package. A typical Certification Package usually consists of a minimum of half a dozen documents, though more documentation may be required if the systems contain classified information or highly sensitive data. Each agency is responsible for defining their own C&A process and it must be well-documented in the form of a Handbook. The C&A Handbook is based on one of the three well-known methodologies (NIST, DITSCAP, or NIACAP) with various customizations that are unique for each particular agency. Preparing the C&A package is sometimes referred to as a C&A Review.

Once a Certification Package has been prepared, Mission Assurance auditors review the package and then make decisions on whether or not the systems should be accredited according to the proposed recommendation. All federal agencies must obtain an Authority to Operation (ATO) before their systems can be legitimately and legally used for production purposes.

If the Certification Package does not appear to contain the right information, or if the information reported in the package is considered unacceptable (for example, if there are unacceptable risks cited with inappropriate safeguards to mitigate the risks) the agency may be given an Interim Authority to Operation (IATO), which allows them to operate their systems for usually three months while they correct their deficiencies.

What You Will Learn
The Q/CA RMF examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains which comprise   the Q/CA RMF exam and be prepared for the CAP CBK®, taxonomy of information security topics:
Understanding the Security Authorization of Information Systems
Categorize Information Systems
Establish the Security Control Baseline
Apply Security Controls
Assess Security Controls
Authorize Information System
Monitor Security Controls

The ideal candidate should have experience, skills or knowledge in any of the following areas:  
IT Security   
Information Assurance
Information Risk Management
Systems Administration
One - two years of general technical experience
Two years of general systems experience
One - two years of database/systems development/network experience
Information Security Policy
Technical or auditing experience within government, DoD the financial or health care industries, and/or auditing firms
Strong familiarity with NIST documentation

Upon the completion of our Q/CA Course, students will know how to: The goal of the course is to prepare professionals for the challenges of authorization and accreditation concepts and functions. Our program will provide you with a quick and proven method for mastering this huge range of knowledge. Depending on the requirements of the particular agency, other documents or variations of these particular documents may also be required. NIST publishes an excellent collection of documents that provide guidance for the C&A review that will explain what sort of information should be reported in each of the required documents.

To qualify for the Q/CA® credential, a candidate must: The Q/CA candidate must have a minimum of two years of direct full-time security professional work experience in Certification and Accreditation of systems. Valid professional experience includes the direct application of appropriate certification and accreditation, knowledge in certification and accreditation related work performed as a practitioner, auditor, consultant, vendor, investigator or instructor.



Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draws quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real world scenarios. Each labs escalates upon itself, increasing in intensity, rising to the next level, while your mitigating the threat step by step.

Books - No books are required for this course. However, you may want to supplement your preparation for class.