
Cyber Defenses Academy

Do it yourself NIST 800-171 Compliance Assessment

$495.00


Product Description

Controlled Unclassified Information (CUI) is at risk, and the US Government is getting serious about protecting it. All contractors and sub-contractors in the business of providing goods and services to the government need to get serious too. Starting with Executive Order 13556 in 2010, and emphasized by the 2014 Federal Information Security Modernization Act (FISMA Reform), the government recognized problems in the supply chain that place CUI at risk.

NIST Special Publication 800-171 r1 (December 2016) addresses these risks with 14 information security families and 110 information security controls that draw heavily from NIST 800-53. The Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) now embed mandatory information security requirements directly into contracts, with critical compliance dates as early as December 2017.

Join CyberDefenses to review these new federal requirements, discuss approaches to completing the initial assessment, address the requirements and achieve compliance. The course includes hands-on exercises on how to perform the assessment and provides students with the templates needed for the required Plan of Actions & Milestones (POA&M) and the self-attestation documents.

Purchased alone, this course does not include the full Policy Bundle that is necessary to begin implementation after you take this class. Click here to include the Written Information Security Program Policy Bundle in your purchase.

Part 1: CUI – Brace yourself for the new federal contract cybersecurity reality
Part 1 covers what Controlled Unclassified Information (CUI) is, why it is important, the consequences of non-compliance, and the multiple timelines for Federal and Defense focused contracts. You will understand the compliance process, starting with self-assessment, the actions needed to achieve compliance, and the new reality of maintaining compliance in the future. You will also learn to document your status with a self-attestation.

Part 2: Build cybersecurity into your bottom line and keep your federal business
Part 2 includes a detailed review of the fourteen NIST 800-171 security families, including the 110 basic and derived security requirements. We’ll analyze how this specification matures your organization’s culture into a trained, policy- and procedure-driven workforce that protects the confidentiality of the CUI you’re entrusted with.

Part 3: Conduct NIST 800-171 CUI Self-Assessment and create your POA&M
Part 3 includes procedures and analysis for the assessment process, including the comprehensive underlying requirement details mandated by Appendix D and the CUI-specific categories and sub-categories in the CUI Registry. The analysis covers identifying compliance and non-compliance and understanding your security maturity relative to industry standards. The procedures cover documenting your findings (i.e., non-compliant controls) and developing your Plan of Actions & Milestones (POA&M) to implement corrections.

Part 4: Build your CUI Self-Attestation and CUI Deliverables
Part 4 discusses the multiple products and deliverables built into NIST 800-171 compliance. Each of these deliverables requires planning, people and resources. In addition to the self-attestation and POA&M, the required deliverables include the Written Information Security Program (WISP), Configuration Management Plan (CMP), Information Security Continuous Monitoring (ISCM), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Security Awareness Program, Security Assessment Plan (SAP), Security Assessment Report (SAR), and the System Security Plan (SSP).

Course Objectives

In this course, you will learn about the high-level requirements outlined in NIST Special Publication 800-171. The course will prepare you to perform an assessment to determine whether your organization is compliant, and it provides the templates and tools required to complete that assessment.

Target Student

This course is intended for IT practitioners, business owners and/or project managers with basic IT knowledge who are charged with understanding the impact of NIST 800-171 on their business.

Your Instructors

Dave Gray
Dave Gray is a CISSP, CAP and PMP certified cybersecurity leader skilled in securing information systems to achieve information confidentiality, integrity and availability. Dave’s focus is Governance, Risk Management and Compliance (GRC) using the information security frameworks established by the National Institute of Standards and Technology (NIST) and the Center for Information Security 20 Critical Security Controls. His focus areas are NIST 800-171, NIST 800-53 and CIS CSC 20 implementation.

Jay McLaughlin
Jay brings nearly 20 years of industry experience in the realm of information technology and cyber security.

McLaughlin, a well-regarded thought leader, is known throughout the industry as a go-to expert for security. His dynamic, balanced, insightful presentations and writings cover topics from perimeter security to application layer security analytics.

He is highly visible and has been featured and quoted by various media outlets and in publications including ComputerWorld, CIO Magazine, CSO Magazine, Credit Union Times, Credit Union Magazine, American Banker, and the ABA Banking Journal. In addition, he has presented at or keynoted more than 30 industry events and conferences.

Jay is a CISSP (Certified Information Systems Security Professional) and holds a Bachelor of Science degree in Management Information Systems from the University of Central Florida.

Brian Engle
Brian’s information security career stretches back to 1997, when he was an Engineering Manager. His technical and leadership abilities saw him rise from Senior Information Security Manager to Chief Information Security Officer, first in the private sector and then in successive positions in state government, culminating as CISO for the State of Texas.

Brian returned to the private sector (non-profit) as Executive Director for the Retail Cyber Intelligence Sharing Center (R-CISC), which provides retail industry collaboration to share intelligence on cyber threats, vulnerabilities, mitigation, and remediation. Stepping back again into the private sector, Brian now shares his energy and knowledge as the founder and CEO of Riskceptional Strategies LLC.

Brian holds multiple information security certifications including CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor).

Location

CyberDefenses, Inc.
1205 Sam Bass Road, Suite 300
Round Rock, TX 78681
(512) 255-3700

Certificate

Certification of Completion
