NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog, the SP 800-53A control assessment procedures, and SP 800-53B control baselines. The courses provide a high-level overview of foundational security and privacy risk management concepts based directly on their respective NIST SPs.
Security and Privacy Controls Introductory Course
Based on SP 800-53, Security and Privacy Controls for Information Systems and Organizations, the course introduces the SP 800-53 control catalog and each control family.
Assessing Security and Privacy Controls Introductory Course
Based on SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations, the course covers the methodology for assessing the SP 800-53 controls. The material also explains the structure of the assessment procedures and assessment objectives.
Control Baselines Introductory Course
Based on SP 800-53B, Control Baselines for Information Systems and Organizations, the course provides an overview of security and privacy control baselines and guidance for tailoring them.
The new online introductory courses are between 45-60 minutes, and available at no cost, and registration is not required. All of the courses, including the Introduction to the RMF Course, can be accessed at https://csrc.nist.gov/Projects/risk-management/rmf-courses.
Please direct questions about the courses to sec-cert@nist.gov.
Security and Privacy: controls assessment, cybersecurity supply chain risk management, privacy, privacy controls, security controls, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130