CNSS 4015 The Systems Certification Agent (Validator)
On-Line
Registration
Opening here September 1, 2011
Whether your learning preference is instructor-led or self-guided,
you'll be able to earn your CNSS 4015 certificate your way. Cynergy
Group will be launching its first CNSS 4015, The Systems Certification
Agent (Validator) Course On-line starting this fall. Details are below:
Details
Instructor-Led 1 Week Intensive:
Provided monthly; click on the registration link for the class schedule! If you wish to complete your certification
in the shortest amount of time, get ready to put in your 8 hours
per day in our virtual classroom. This 1-week intensive, delivered
boot camp style, will provide you with theoretical and practical
knowledge for the tasks you would be required to complete as a Certification
Agent or DIACAP Validator.
Self-Guided 1 Month
Course: Offered Monthly, click on Registration Link for Schedule!
Study at your own pace in this one month
self-guided presentation of the CNSS 4015 course. Log on at any
time to review the instructor-led sessions and listen to the questions
your classmates had during the live course presentation. During
this month, instructors will be available to you through email and
on-line chat. Take the tests when you are ready, and complete your
certification within 1 month.
Promotional Price for these two classes:
$960 per Student
Class space is limited to 30 Students. Registration
can begin telephonically now at (717)417-5776, or register on-line using the link above.
CNSS 4015 The Systems Certification
Agent On-Line
Syllabus
Day 1, Session A. Introduction - 2 hours
During the introduction students will be provided with an overview
of the Certification and Accreditation (C&A) process and the
role the Systems Certification Agent plays within that process.
Topics covered will be the purpose of C&A, types of C&A
processes (i.e. NIACAP, NIST SP 800 series, DIACAP), when C&A
is used, roles and responsibilities, and the coordination functions
of the Systems Certification Agent.
Upon completion of this introductory section,
students will be given a multiple choice baseline assessment. This
baseline assessment will be used to determine a student's current
understanding of the subject matter and assist the instructor in
addressing specific student needs.
Day 1, Session B. Systems Security
Life Cycle - 6 hours
By addressing C&A in the context of the
Systems Security Life Cycle, this section will seek to emphasize
a holistic approach to Information Security, and specifically the
multifaceted coordination roles the Systems Certification Agent
plays. Topics covered will include identifying the Information Security
Governance Framework (applicable laws, policies, procedures and
guidelines); understanding, characterizing and documenting the organization's
mission (Joint, Federal Civil, DoD, Service, Intelligence); assisting
the organization in defining critical mission elements in the context
of Confidentiality, Integrity, and Availability; and characterizing the organization's
operating environment, classification requirements, Mission Assurance
Categories and Confidentiality Levels. The session will show how Information
Security integrates with the Systems Development Life Cycle by demonstrating
the development of security requirements, security architectures,
security designs, product evaluations and risk assessments against
architectures, designs and product lists. The students will learn
how the Systems Certification Agent interfaces with related disciplines,
and ensures Information Assurance is provided in the areas of Operational,
Personnel, Physical, Communications and Computer security.
The Defense Information
Assurance Certification and Accreditation Process (DIACAP)
Day 2, Session A, Elements of C&A and the C&A Documentation
- 4 Hours
During this session, students will learn
about the assignment of Information Assurance Controls, determining
when controls are inherited, how risk is managed, the importance
of the C&A Life Cycle in the Acquisition Process, and C&A
Maintenance. In addition, Students will be introduced to the individual
sections of the DIACAP C&A Package, the difference between an
Executive Package and a Comprehensive C&A package and when these
are used.
Day 2, Session B, Executing the
DIACAP Process - 4 Hours
The DIACAP consists of coordination activities,
document generation, risk assessments, and finally the development
of a Certification Determination for the Accreditation of the system.
In this session students will study the activities
related to Activity 1 of the DIACAP entitled the Initiate and Plan
IA C&A. This phase consists of Initiating the DIACAP Package,
assigning Information Assurance Controls and determining
other security requirements, completing the DIACAP Implementation
Plan (DIP), and gaining concurrence of the DIP from stakeholders
and the DIACAP team.
Activities presented in this session include
the evaluation of relevant security laws relative to the system,
definition of accreditation boundaries, determining an appropriate
Risk management methodology, preparing a systems description, C&A
budget and resource requirements, development of a timeline and
mapping C&A activities to the Systems Development Life Cycle.
Day 3, Session A, DIACAP Documentation
- The DIACAP Implementation Plan (DIP) - 4 Hours
During this session students will learn how
to develop the DIP in the context of the Information Systems Security
Engineering life cycle. The intent of this session is to demonstrate
how C&A activities correlate to the SDLC and how Information
Security can be understood as an enabling technology, designed to
provide Information Assurance throughout the life cycle of the
system. Students will develop Mission Descriptions, Threat Analysis,
Systems Security Architectures with Accreditation Boundaries, Hardware
and Software lists as well as Ports, Protocols and Services.
Students will also learn how to develop and
validate the Security Requirements Traceability Matrix and test
plans for Certification Testing and Evaluations as well as Security
Testing and Evaluations.
Day 3, Session B, DIACAP Documentation
- Supporting Documentation - 4 Hours
Each DIACAP package contains a number of supporting documents that
assist the Validator and the Designated Approving Authority in making
a Certification and Accreditation decision. This session will teach
students about these documents and will include lessons on the development
of User Descriptions and Clearance requirements, characterization
of the Operating/Computing Environment, Physical Security Measures
and facilities, and specific Security Roles.
In addition, students will learn how to create
diagrams depicting External Interfaces and Data Flows. Students
will learn how to generate Rules of Behavior, evaluate and/or generate
Incident Response Plans, Contingency Plans, Personnel and Technical
Security controls as well as the generation and use of Memorandum
of Understanding/Memorandum of Agreements, and the development of
a Security Education, Training and Awareness program.
Day 4, Session A, Certification
Analysis - 4 Hours
Once a system has been readied for C&A, a C&A Validator
along with a C&A Validation team will assess the security posture
of the system. This assessment takes a Defense in Depth look at
the organization's desired security goals for its information
and how the associated security controls have been implemented
throughout the OSI layers in the areas of Confidentiality, Integrity and
Availability. To that effect, the Validator will review controls
in the areas of Systems Design and Configuration, Enclave Boundary
Protection, Enclave Computing Environment, Identification and Authentication,
Physical and Environmental controls, Personnel Security controls,
Continuity of Operations, and Incident and Vulnerability Management.
Day 4, Session B, Certification
Evaluation - 4 Hours
This session will focus on the actual validation process. Methods
of evaluation will include heuristics and technical evaluations
through observation, and/or demonstration. Students will learn about
the Defense Information Systems Agency (DISA) Security Technical
Implementation Guides (STIGs), National Security Agency (NSA) SNAC
guides, DISA Gold Disk, and eEye Retina scans. Students will learn
to review Contingency Test Plans, Audit trail Reviews, Disaster
Recovery Plans, Change Control processes, and periodic testing schedules.
Day 5, Session A - Development
of the Certification Determination Letter - 4 Hours
During this final session, students will
learn to compile collected validation information and generate a
Certification Determination Letter for the Designated Approving
Authority. Students will characterize Validation results, both technical
and non-technical, conduct a Risk Analysis and craft a Statement
of Residual Risk. Students will learn how the system will maintain
its accreditation, how to validate compliance with the accreditation
requirements, and what is required to update the Plan of Action
and Milestones as well as keep the DIACAP documentation current.
Day 5, Session B - Review and
Final Quiz - 4 Hours
During this session Students will receive
a 2-hour review of the course highlights and will finish the course
with a final exam. The intent of the exam is to verify that students
have developed a good understanding of the roles and responsibilities
of the DIACAP Validator and understand how the Validator facilitates
the C&A activities.