Module 1: FITSP-Designer
Objectives, Expectations, and Introductions
Security Certifications Exams
FITSP-Designer Courseware Logistics
Module 2: Government Laws and Regulations
Statutory and Regulatory Requirements
Office of Management and Budget (OMB)
Department of Homeland Security (DHS)
NIST – National Institute of Standards and Technology
Module 3.1: Risk Management Framework
Federal Systems Design
SP 800-37R1: Guide for Applying the Risk Management Framework to Federal Information Systems
Risk Management Framework (RMF)
Roles and Responsibilities
Steps in the RMF Process
Security Categorization
Categorizing Privacy Information
Documentation
Security Control Baseline
SP 800-53 Fundamentals
SP 800-53 Selecting Security Controls
Implementing Controls
Planning for Assessments
Assessment Foundation
Conducting and Reporting
Authorization Tasks
Authorization Elements
Module 3.2: Information System Continuous Monitoring (ISCM)
RMF Step 6: Monitor Security Controls
CM Guidelines
Automation
CM Implementation
Module 4: NIST Special Publications
Special Publications
SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems
SP 800-27, Rev. A: Engineering Principles for Information Technology Security
SP 800-30, Rev. 1: Guide for Conducting Risk Assessments
SP 800-34: Contingency Planning Guide for Federal Information Systems
SP 800-37, Rev. 1: Guide for Applying the Risk Management Framework to Federal Information Systems
SP 800-39: Managing Information Security Risk
SP 800-40, Rev. 3: Guide to Enterprise Patch Management Technologies
SP 800-41, Rev. 1: Guidelines on Firewalls and Firewall Policy
SP 800-45, V. 2: Guidelines on Electronic Mail Security
SP 800-47: Security Guide for Interconnecting Information Technology Systems
SP 800-50: Building an Information Technology Security Awareness Training Program
SP 800-53, Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-55, Rev. 1: Performance Measurement Guide for Information Security
SP 800-59: Guideline for Identifying an Information System as a National Security System
SP 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories
SP 800-61, Rev. 2: Computer Security Incident Handling Guide
SP 800-64, Rev. 2: Security Considerations in the System Development Life Cycle
SP 800-65: Integrating IT Security into the Capital Planning and Investment Control Process
SP 800-66, Rev. 1: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
SP 800-70, Rev. 2: National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
SP 800-83: Guide to Malware Incident Prevention and Handling for Desktops and Laptops
SP 800-88, Rev. 1: Guidelines for Media Sanitization
SP 800-92: Guide to Computer Security Log Management
SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-100: Information Security Handbook: A Guide for Managers
SP 800-115: Technical Guide to Information Security Testing and Assessment
SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-128: Guide for Security-Focused Configuration Management of Information Systems
SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations
SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
Module 5: Federal Information Processing Standards (FIPS)
NIST Federal Information Processing Standards (FIPS) Overview
FIPS Standards Defined
FIPS 140-2: Security Requirements for Cryptographic Modules
FIPS 180-4: Secure Hash Standard
FIPS 181: Automated Password Generator
FIPS 186-2: Digital Signature Standard
FIPS 190: Guideline for the Use of Advanced Authentication Technology Alternatives
FIPS 191: Guideline for the Analysis of Local Area Network Security
FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC)
FIPS 197: Advanced Encryption Standard
FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors
Module 6.1: NIST Control Families—Management
Security Architectures
Planning Family and Family Plans (PL)
Media Protection (MP)
Program Management (PM)
Risk Assessment (RA)
System and Services Acquisition (SA)
Physical and Environmental Protection
Security
Personnel Security
Module 6.2: Security Control Families—Operational
Awareness and Training (AT)
Configuration Management (CM)
Contingency Planning (CP)
Incident Response (IR)
System Maintenance (MA)
Media Protection (MP)
Personnel Security (PS)
Physical and Environmental Protection (PE)
System and Information Integrity (SI)
Module 6.3: Security Control Families—Technical
Access Control (AC)
Audit and Accountability (AU)
Identification and Authentication (IA)
System and Communications Protection (SC)
Module 7: NIST Interagency Reports
NIST Interagency Reports
The purpose of the FITSI certification program is to validate the skills of IT security professionals against NIST standards and documentation. The FITSP-Designer certification is designed for Federal workforce personnel, both Federal employees and contractors, whose role is primarily focused on the design and development of systems owned by, or operated on behalf of, the Federal government of the United States, and demonstrates their competence in that role.
To request the PowerPoints for this course, please e-mail sales@30bird.com.