NIST 800-53: Introduction to Security and Privacy Controls
In this course, we will learn how 800-53 fits into the Risk Management Framework (RMF) since the knowledge is fundamental to understanding the importance of the security controls. After studying the steps in RMF, students will discover the history of the 800-53 document based on the revisions to the original.
Understanding the history is essential since cybersecurity professionals may work at an organization that has not adopted the latest revision. After gaining the foundational knowledge of 800-53, students will delve into the components and structure of the security controls. The structure includes the control families and the reason NIST organized the controls to meet FIPS 200 guidance. After learning about the control family organization, we will discuss the differences between system, hybrid, and common controls since this hierarchical implementation of security delineates the boundaries of responsibility within an organization. With an understanding of the families, organization, and types of security controls, students are ready to learn about the internal structure of the 800-53 controls. Finally, we will learn about how cybersecurity professionals will encounter security controls, such as System Security Plans (SSP), Plan of Actions & Milestones (POA&M), risk assessments, or reports from automated security tools.
Individuals who wish to take this course should have a basic understanding ofthe NIST Risk Management Framework (RMF), how to categorize a system (FIPS 199), have some understanding of basic security principles (NIST 800-12), and understand the components of Confidentiality, Integrity, & Availability. These principles are not hard requirements and will be reviewed during the course. The target audience for the course is anyone in the cybersecurity field who interacts with or needs to understand NIST 800-53 controls.
## Course Goals
By the end of this course, students should be able to: