FISMA 251
Enterprise Risk Management
Certificate Program
Provided by FISMA Center
4 Day Course / 6 CPE Credits Per Day
Learn FISMA Certification & Accreditation concepts from top practitioners in the field. The emphasis of the course is on security Certification & Accreditation (C&A) concepts so that they can be applied to any security C&A methodology - NIST, DIACAP, NIACAP, DCID 6/3, ICD 503, or NISCAP. This course is not a comparison between the different C&A methodologies. Instead, it teaches general concepts to create the broad knowledge base necessary to position your career for a segue into any C&A project.
The first two days of the course present an overview of FISMA compliance requirements and discuss what documentation is needed and what types of information to include in that documentation. The third day offers a survey of how to test for security vulnerabilities, and how to identify and actively exploit actual security vulnerabilities. To get the most out of the third day, you should bring a laptop with you to the course.
FISMA 251 is an intermediate-level course. Students should have a basic understanding of information security principles, concepts, and technologies. Although anyone performing security audits can benefit from this course, it is of particular use to U.S. federal agencies that must comply with the Federal Information Security Management Act of 2002 (FISMA). This class is appropriate for students ranging from novices to seasoned experts. The hands-on lab exercises are valuable for all experience levels.
Related Awards, Degrees or Certifications: Certified FISMA Compliance Practitioner (CFCP)
FISMA 251
Day 1:
Explanation of FISMA Certification and Accreditation terminology;
Types of C&A;
Understanding the C&A process;
Establishing a C&A program;
C&A Project Management;
Preparing the Hardware and Software Inventory;
Determining the C&A Level;
Lab 1: Determine the C&A Level;
Security Awareness & Training;
Creating End-User Rules of Behavior;
Incident Response;
Day 2:
Performing the Security Tests & Evaluation;
Conducting a Privacy Impact Assessment;
Performing a Business Risk Assessment;
Preparing a Business Impact Assessment;
Developing an IT Contingency Plan;
Performing a System Risk Assessment;
Developing a Configuration Management Plan;
Developing a System Security Plan;
Lab 2: Diagramming the Network;
Submitting the Certification Package;
Evaluating the Certification Package
Day 3:
Penetration testing concepts;
Discovery and attack phases;
Intelligence gathering;
Protocols as they relate to pen testing;
Port scanning with nmap;
Sniffers
Day 4:
Buffer overflows;
Race conditions;
Input validation errors;
DNS exploits;
Google dorks;
Metasploit;
CORE Impact
About The Training Provider: FISMA Center
FISMA Center - The FISMA Center provides information, resources and training to assist U.S. federal agencies in complying with the Federal Information Security Management Act of 2002.
TRAINING:
The FISMA Center offers FISMA training periodically throughout the year. We can also come to your site to train your staff at your location. Registration typically opens approximately two months prior to a...
