NIST 800-53r5: Introduction to Security and Privacy Controls
This course provides foundational knowledge to understand NIST 800-53 Security and Privacy Controls, and is useful for anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls. This updated course features a module on the changes and updates included with NIST 800-53r5.
In this course, we will learn how 800-53 fits into the Risk Management Framework (RMF) since the knowledge is fundamental to understanding the importance of the security controls. After studying the steps in RMF, students will discover the history of the 800-53 document based on the revisions to the original.
Understanding the history is essential since cybersecurity professionals may work at an organization that has not adopted the latest revision. After gaining the foundational knowledge of 800-53, students will delve into the components and structure of the security controls. The structure includes the control families and the reason NIST organized the controls to meet FIPS 200 guidance. After learning about the control family organization, we will discuss the differences between system, hybrid, and common controls since this hierarchical implementation of security delineates the boundaries of responsibility within an organization. With an understanding of the families, organization, and types of security controls, students are ready to learn about the internal structure of the 800-53 controls. Finally, we will learn where cybersecurity professionals encounter security controls in practice, such as in System Security Plans (SSP), Plans of Action & Milestones (POA&M), risk assessments, or reports from automated security tools.
Individuals who wish to take this course should have a basic understanding of the NIST Risk Management Framework (RMF) and of how to categorize a system (FIPS 199), some understanding of basic security principles (NIST 800-12), and an understanding of the components of Confidentiality, Integrity, & Availability. These principles are not hard requirements and will be reviewed during the course. The target audience for the course is anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls.
By the end of this course, students should be able to:
List the 800-53 control families
Describe where 800-53 belongs in the RMF process
Explain the need for a common risk framework
Demonstrate the selection of a baseline
Contrast 800-53 revisions
Differentiate the components of an 800-53 control
Interpret common, hybrid, & system controls
Select the applicable 800-53 controls for a system
As a recognized expert in the field of cybersecurity, Dustin has run proactive risk assessments and incident response forensics, and has worked in security operation centers (CSOCs) to strengthen the security posture of his clients and employers. He is a trusted partner in the immediate aftermath of cyber events.
Dustin has submitted written and oral testimony in local, state, and Federal courts. He is a frequent thought leader and speaker on a wide variety of cybersecurity matters.
I have been captivated by technology since I received my first computer at the age of 8. Even at a young age I enjoyed programming since it provided a virtual method of creating building blocks toward a final project; I have been coding ever since. My first job was as a web developer and part-time system administrator. I transitioned to system/network administrator managing Linux systems and connectivity for a local Internet service provider. I continued in several different fields of IT before transitioning to a dedicated cybersecurity role.
I have always enjoyed teaching and analogizing technology into terms everyone can understand without the complexity of IT. I also enjoy teaching concepts to IT professionals to expand their knowledge and assist in furthering their careers. During my doctoral studies, I attended a pedagogy class, which helped me understand how to formalize methods of teaching and organize the structure of knowledge transfer. I have recently taken on roles as a committee chair and mentor to doctoral students to support them through the process from development to defense of their dissertations. I also love talking about IT and cybersecurity, which makes teaching an enjoyable endeavor.
Certificate of Completion
Complete this entire course to earn a NIST 800-53r5: Introduction to Security and Privacy Controls Certificate of Completion