Assess Security Controls
Develop a Security Assessment Plan (SAP)
- Elements for assessing required security controls
- Plan analysis
Complete a Security Controls Assessment (SCA)
- Use the lab and test case scenario
Complete a Security Assessment Report (SAR)
- Use the SCA to complete the SAR
Develop a Plan of Action and Milestones (POA&M)
- Identify remediation options
- Create the POA&M
Develop Authorization to Operate (ATO) Package
- Complete package compilation
Review of the ATO Package
- Determination and authorization of the information system from the point-of-view of the Authorizing Official (AO)
Apply the Information Security Continuous Monitoring (ISCM) Strategy
- Determine impact of system changes
- Review inherited controls
- Tailoring controls
Conduct the Decommission of a System
- Media remediation and other aspects of system decommission
Important Course Information
You Will Learn How To:
- Analyze and develop a plan to assess security controls
- Analyze and develop a Security Assessment Plan (SAP) for assessing required security controls
- Complete a Security Controls Assessment (SCA) as part of NIST RMF Step 4
- Complete a Security Assessment Report (SAR) based on the SCA
- Identify remediation options as part of the development of a Plan of Action and Milestones (POA&M)
- Develop Authorization to Operate (ATO) package
- Review the ATO package to make determination and authorization of the information system from the point-of-view of the Authorizing Official (AO) as part of NIST RMF Step 5
- Determine the impact of system changes and apply the Information Security Continuous Monitoring (ISCM) strategy as part of NIST Step 6
- Conduct the decommission of a system as part of NIST Step 6
Exam Entry Criteria
Cloud Security and Risk Management Course Description
In this virtual practicum, students continue to utilize the NIST Risk Management Framework/FedRAMP for risk management of the integrated enterprise/cloud system. They demonstrate capabilities to evaluate system security and analyze system assessment reports to make recommendations for a Plan of Action & Milestones (POA&M), as well as to comply with Authorization to Operate (ATO) package requirements and develop an Information Security Continuous Monitoring (ISCM) strategy.
- Security Assessment Plan
- Security Assessment Report
- Security Authorization Package
- ISCM Strategy
- System Decommissioning
- Recommendations based on completed assessment and authorization project for the enterprise/cloud system
Attendees must take the five courses in the CCRMP certification course series in order. Before attending this course, attendees must first successfully complete the following courses:
The flexible, online 8-week course schedule enables you to collaborate with your instructor and fellow students to acquire the cloud security risk management expertise employers seek.
Asynchronous Threaded Discussions
Each week’s discussion threads focus on a specific cloud security risk management concept. You can participate in these discussions anytime, anywhere as you interact with your instructor and fellow students online.
Four Live Virtual Seminars
At 10 a.m. ET on alternate Saturdays you will participate in live-online interactive sessions led by your expert, practitioner instructor. Recordings of each session will be available to you.
Virtual Office Hours
To further enhance your learning experience, you may communicate with your instructor during weekly virtual office hours.
- Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Imprint: Syngress.
E-Book ISBN: 9780124047235
Print Book ISBN: 9781597499958
Cost: $50.00 USD
- NIST RMF Practicum II Lab access and Lab Manual (Purchase through MCI)
- The course also contains links to a Course Webliography for required readings.
Students will work with their NIST RMF/FedRAMP practitioner instructor to produce NIST RMF/FedRAMP projects by participating in weekly virtual discussions, as well as completing weekly assignments and project reports. They will attend bi-weekly, live virtual seminars led by their instructor.
- Access to Microsoft Office, including Word, Excel, and a PDF reader.
- Access to high-speed internet connection.
- A headset with microphone is recommended; using built-in speakers/microphone causes echo issues. Headsets give participants complete interaction with the instructor and other students.
Become a Job-Ready Certified Cloud Risk Management Professional (CCRMP). To prevent the $2.1T in projected cyber breaches, employers need Certified Cloud Risk Management Professionals who have demonstrated they can implement the NIST Risk Management Framework and FedRAMP. The NIST Risk Management Framework (RMF) and the Federal Risk and Authorization Management Program (FedRAMP) are the de facto standards utilized for cloud security risk management in the U.S. today.
To address accelerating cyber staffing shortages, Mission Critical Institute (MCI) established the CCRMP to provide employers and candidates a performance-based cloud security certification.
As an MCI authorized training partner, Learning Tree can help you earn the CCRMP through five courses that ensure you acquire hands-on project experience in implementing the NIST RMF and FedRAMP.
This is the fourth of five courses that help you earn CCRMP certification.