2011 FISMA: Understanding the New Process, Requirements and Responsibilities



Over the past year, OMB and NIST issued, in Special Publication (SP) 800-37, the new FISMA "Authorization" process (previously called Certification and Accreditation) to be used by all Federal organizations, including the DoD and Intelligence communities, to gain approval to operate.  Additionally, NIST is finalizing SP 800-39 on the Risk Management Framework (RMF), which is the basis for this new "Authorization" process.  This moved us from a 4-phase Certification and Accreditation (C&A) process to a 6-step Authorization process.  This process has radically changed the way the U.S. government secures and reports the status of its IT systems.  Increased emphasis is now being placed on risk management, near-real-time awareness, automation, program management, and continuous monitoring concepts and solutions to secure Government IT systems.  Also, there are new responsibilities and requirements at all levels within the government and supporting contractor organizations to meet the 2011 FISMA requirements.  This 2-day course provides an awareness of strategies for meeting these new requirements.


Additionally, progressive agencies, contractors and integrators are now following the DoD lead and requiring their IT security professionals and system managers to gain this credential to increase their IT security posture or increase their corporate competitive advantage.

This course will be taught by a Certified (ISC)2 Instructor, who has taught CISSP, ISSEP and CAP review courses for over four years.  He also brings real-world practical experience from supporting over 200 FISMA C&As for systems in the military, public and private sectors.

 

Course attendees will:

  • Understand the new NIST SP 800-37, revision 1, authorization process;
  • Know the new roles, responsibilities, requirements and reports related to FISMA;
  • Gain a thorough understanding of the six steps in the Risk Management Framework (RMF) process;
  • Receive tactics to use in getting your system authorized and increasing the system's security;
  • Review the information required to pass the CAP certification exam; and
  • Learn effective strategies for implementing the process and taking the CAP certification exam.

 

Guest Speaker

Ronald Ross, Senior Computer Scientist and Information Security Researcher, National Institute of Standards and Technology, will give an overview of the NIST strategy and objectives for the new 800-39, "Managing Risk for Information Systems:  An Organization Perspective".


This event has no exhibitor/sponsor opportunities


When
Mon-Tue, Feb 14-15, 2011, 8:00am - 4:00pm


Where
UVA/Virginia Tech N. Virginia Center
Falls Church, VA




Organizer
Digital Government Institute

