Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

This class is designed for key personnel responsible for the management and implementation of the NIST SP 800-37 Certification and Accreditation (C&A) process. The course provides a practical and historical reference to all relevant legislation and guidance. In addition, interactive workshops during the course engage students in direct participation, ensuring a higher degree of retention and focus.

Note: This class can be easily tailored to meet the certification and accreditation needs of any organization.


Class Materials

NIST SP 800-37 C&A Process Materials

Class Fee:              $3,990
Time:                   72 hrs
Learning Level:         Entry
Contact Hours:          52 hr Lecture, 20 hr Labs
Prerequisites:          Understanding of TCP/IP Protocols
Credits:                72 CPE / 3 CEU
Method of Delivery:     Residential (100% face-to-face) or Hybrid
Instructor:             TBD
Method of Evaluation:   95% attendance, 100% completion of labs
Grading:                Pass = attendance + labs & practical; Fail = attendance below 95%

This 72 hour accelerated class is taught in a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam; passing the final exam is a requirement for graduation.

Text Materials: labs, SU Pen Testing Materials, resource CDs and attack handouts. Lab machines: dual core, 4 GB RAM, 350 GB drives, running Microsoft Windows, Linux and VMware Workstation.

Who Should Attend

Information Systems Security Operations personnel who oversee and ensure that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system or program, and who advise the Authorizing Official (AO), an information system owner, or the Chief Information Security Officer (CISO) on the security of an information system or program; Information Security Analysts, Consultants and Contractors; and Security and Certification Officials responsible for developing C&A packages.

KU outcomes:

Scope & Objectives  52 hrs lecture / 20 hrs labs
Conduct a Non-Technical Assessment of Information Security
Review Documentation and the Origin of Specific Requirements
Evaluate System Architecture, Including Defense-in-Depth (DiD)
Coordinate and Identify Collateral Resources to Facilitate the C&A Process
Construct and Tailor the C&A Plan
Consolidate C&A Collateral Documentation
Prepare Security Test and Evaluation (ST&E) Plans and Correlate Testing
Identify Evaluation Techniques

The following outlines the scope and objectives for SU's Certification and Accreditation Workshop.

Business Needs / Course Goals for the C&A (DITSCAP) Process  52 hrs Lecture / 20 hrs Labs
Understanding Roles & Responsibilities
Phases 1-4 of C&A
Phases 1-9 of Risk Assessment (RA)
Classification of Systems
Understanding Legislation: FISMA, SOX 404, HIPAA
Understanding C&A in the System Lifecycle
Mapping Development Phases to RA and C&A

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied to information systems (IS). DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure for the certification and accreditation (C&A) of a DoD IS that will maintain the information assurance (IA) posture throughout the system's life cycle.
One major change in DIACAP from DITSCAP is the adoption of information assurance controls (defined in DoDD 8500.1 and DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA controls assigned to a system are determined by its mission assurance category (MAC) and confidentiality level (CL).

Process
System Identification Profile (SIP)      Lesson 1  8 hrs
DIACAP Implementation Plan (DIP)         Lesson 2  8 hrs
Validation
Certification Determination              Lesson 3  4 hrs
DIACAP Scorecard                         Lesson 3  4 hrs
POA&M                                    Lesson 4  8 hrs
Authorization to Operate (ATO) Decision  Lesson 5  4 hrs
Residual Risk Acceptance                 Lesson 5  2 hrs, plus 2 hr Exam


Grades - All students must ordinarily take all quizzes, labs and the final exam, and submit the class practical, in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself on the Friday of class. The course is graded as pass or fail on your attendance, labs and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real-world scenarios: each lab builds on the previous one, increasing in intensity and rising to the next level while you mitigate the threat step by step.

Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below.