Free

NIST 800-53r5: Introduction to Security and Privacy Controls

This course provides foundational knowledge to understand NIST 800-53 Security and Privacy Controls, and is useful for anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls. This updated course features a module on the changes and updates included with NIST 800-53r5.
Time: 2h 15m | Difficulty: beginner | CEU/CPE: 3

Course Content

Module: Getting to Know 800-53
  • Course Overview (8m)
  • 800-53 Introduction (8m)
  • Risk Management Framework (9m)
  • How NIST Explains 800-53 (6m)
  • 800-53 Revision 4 (7m)
  • To Rev 5 & Beyond (6m)
  • Module 1 Summary (1m)

Module: Understanding 800-53 Controls
  • Module 2 Overview (2m)
  • Control Families (7m)
  • Anatomy of a Control (5m)
  • Control Selection (6m)
  • Common, System and Hybrid Controls (7m)
  • Organization Defined Variables (3m)
  • System Security Plan (5m)
  • Control Assessment (8m)
  • POA&M (7m)

Module: NIST 800-53 Revision 5
  • NIST 800-53 Revision 5 (34m)

Course Description

In this course, we will learn how 800-53 fits into the Risk Management Framework (RMF) since the knowledge is fundamental to understanding the importance of the security controls. After studying the steps in RMF, students will discover the history of the 800-53 document based on the revisions to the original.

Understanding the history is essential since cybersecurity professionals may work at an organization that has not adopted the latest revision. After gaining the foundational knowledge of 800-53, students will delve into the components and structure of the security controls. The structure includes the control families and the reason NIST organized the controls to meet FIPS 200 guidance. After learning about the control family organization, we will discuss the differences between system, hybrid, and common controls since this hierarchical implementation of security delineates the boundaries of responsibility within an organization. With an understanding of the families, organization, and types of security controls, students are ready to learn about the internal structure of the 800-53 controls. Finally, we will learn about how cybersecurity professionals will encounter security controls, such as System Security Plans (SSP), Plan of Actions & Milestones (POA&M), risk assessments, or reports from automated security tools.

Prerequisites

Individuals who wish to take this course should have a basic understanding of the NIST Risk Management Framework (RMF), how to categorize a system (FIPS 199), some understanding of basic security principles (NIST 800-12), and an understanding of the components of Confidentiality, Integrity, & Availability. These principles are not hard requirements and will be reviewed during the course. The target audience for the course is anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls.

Course Goals

By the end of this course, students should be able to:

  • List the 800-53 control families
  • Describe where 800-53 belongs in the RMF process
  • Explain the need for a common risk framework
  • Demonstrate the selection of a baseline
  • Contrast 800-53 revisions
  • Differentiate the components of an 800-53 control
  • Interpret common, hybrid, & system controls
  • Select the applicable 800-53 controls for a system


Instructed by

Instructor: Dustin Sachs

As a recognized expert in the field of cybersecurity, Dustin has run proactive risk assessments, incident response forensics, and worked in security operation centers (CSOCs) to strengthen the security posture for his clients and employers, and is a trusted partner in the immediate aftermath of cyber events.

Dustin has submitted written and oral testimony in local, state, and Federal courts. He is a frequent thought leader and speaker on a wide variety of cybersecurity matters.

Instructor: Philip Kulp

I have been captivated by technology since I received my first computer at the age of 8. Even at a young age I enjoyed programming since it provided a virtual method of creating building blocks toward a final project; I have been coding ever since. My first job was as a web developer and part-time system administrator. I transitioned to system/network administrator managing Linux systems and connectivity for a local Internet service provider. I continued in several different fields of IT before transitioning to a dedicated cybersecurity role.

My roles in cybersecurity have been as an auditor, security plan writer, controls implementer, architect, incident responder, and penetration tester. In my current role, I test web applications and perform security code review for applications developed in Java, .Net, Python, JavaScript, and a few other languages. I try to get away from IT as much as possible and enjoy the outdoors. My favorite hobbies are mountain biking, hiking, and photography. When I'm lucky, I can combine a couple of hobbies at one time.

I have always enjoyed teaching and analogizing technology into terms everyone can understand without the complexity of IT. I also enjoy teaching concepts to IT professionals to expand their knowledge and assist in furthering their careers. During my doctoral studies, I attended a pedagogy class, which helped me understand how to formalize methods of teaching and organize the structure of knowledge transfer. I have recently taken on roles as a committee chair and mentor to doctoral students to support them through the process from development to defense of their dissertations. I also love talking about IT and cybersecurity, which makes teaching an enjoyable endeavor.

Provider: Cybrary
Certification: Certificate of Completion

Complete this entire course to earn a NIST 800-53r5: Introduction to Security and Privacy Controls Certificate of Completion.