Title: NIST SP 800-171 Fundamentals (Non-CMMC)

• Modalities: Self-Paced Online

  • Live Instructor-Led: By Request

• Duration: 2 days

 

Overview 

This course is designed to introduces students to the foundational concepts behind the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 and related publications without the context of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) program. 

 

Who Should Attend

• Line of Business Leadership

• Non-Technical Managers

• Technical Managers

• Industry Members (e.g., Manufacturing Extension Program, State-Federal Liaisons)

 

Course Agenda

• Day 1 (AM):

  • Introductions

  • What is NIST SP 800-171

  • Who needs to follow NIST SP 800-171

  • Supplemental materials

  • Relationship to NIST SP 800-171A

  • Relationship to NIST SP 800-172

• Day 1 (PM):

  • NIST SP 800-171 construction (tailoring)

    • The role of FIPS 199 in NIST SP 800-171

      • Security objectives

        • Confidentiality

        • Integrity

        • Availability

      • Impact levels

        • Low

        • Moderate

        • High

      • The role of FIPS 200 and NIST SP 800-53 in NIST SP 800-171

      • Scope of applicability

      • NIST SP 800-171A assessments

  • Day 2 (AM):

    • Requirements interrelatedness

      • Requirements

        • Access Control

        • Awareness and Training

        • Audit and Accountability

        • Configuration Management

        • Identification and Authentication

        • Incident Response

        • Maintenance

  • Day 2 (PM):

    • Requirements

      • Media Protection

      • Personnel Security

      • Physical Protection

      • Risk Assessment

      • Security Assessment

      • System and Communications Protection

      • System and Information Integrity

    • Review

    • Exam

​

​