Implement the New NIST RMF Standards and Meet the 2022 FISMA Metrics

The new Presidential Executive Order has increased emphasis on advancing toward “Zero-Trust Architecture” and “Endpoint Detection and Response (EDR)”, and moving systems to FedRAMP clouds. Additionally, NIST has released the finals of many Risk Management Framework (RMF) standards (SP800-53 Rev 5 – Security Controls, SP800-53B – Security Control Baselines, Privacy Framework, SP800-160 Vol 2 – Systems Security Engineering, SP800-161 Rev 1 – Supply Chain Risk Management, SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA)), and revisions to the NIST Cyber Security Framework (CSF). RMF now requires an additional step, Preparation Step with 18 new Tasks, and the security control baselines families have increased from 18 to 20 to include more privacy and supply chain security control families. The President and OMB has also increased the requirement to implement to new CSF process into the FISMA process and DHS has initiated several new activities that can be leveraged by enterprises and systems to increase the security and meet on-going authorization efforts.

All of these have made major changes to Federal Cybersecurity requirements that will affect government and contractor information systems and enterprises. This 2-day seminar will identify the changes and provide strategies for effectively and quickly implementing solutions for meeting the new requirements.

Who Should Attend

The intended audience for the course is for Federal Agency, DoD and Intelligence employees and contractors:

• Authorization Officers (AOs), Inspector Generals (IGs)
• Senior Accountable Official for Risk Management (SAORM)
• Chief Information Officers (CIOs), Chief Financial Officers (CFOs), Chief Operations Officers (COOs), Chief Security Officers (CSOs)
• Business/Mission Owners, Program and Systems Managers (PMs and SMs)
• Senior Information Security Officers / Chief Information Security Officers ((SISOs/CISOs)
• Information System Owners, Common Control Providers (CCPs) and Information Owners
• Senior Agency Official for Privacy (SAOP) / Chief Privacy Officer (SAOP/CPO),
• Chief Acquisition Officer (CAO) and Enterprise Architect
• Information System Security Managers (ISSMs)
• Information System Security and Privacy Engineers (ISSEs, SSEs, and SPEs)
• System Security and Privacy Officers (ISSOs, SSO and SPOs)
• Security Control Assessors (SCAs and CAs)
• System Administrators (SysAdm)
• Product and Service Providers, Consultants, Integrators and Supporting Contractors
• Cybersecurity Professionals
• Supporting staff members
• Learning Objectives

The learning objectives for this two-day, Executive, Manager and Operations Level course, are broad ranging and include a number of concepts and strategies including understanding the:

• Requirements of the new Presidential, OMB, DHS, and NIST requirements
• Draft updates to include NIST CSF, Risk Management Framework (RMF – SP800-37 Rev2), Security and Privacy Controls Catalog (SP800-53 Rev5 and SP800-53B)
• Strategies for leveraging government initiatives, like cybersecurity hygiene, EINSTEIN, TIC, MTIPS, CDM, HBSS and ACAS solutions
• How to influence your organization’s planning, programming, and budget processes
• Potential strategies for effectively meeting the new FISMA requirements
• Methods for reducing the amounts of resources and paperwork
• New opportunities for innovative processes, controls, products and services necessary to support these Presidential and NIST changes