Senet Services

TRAINING OFFERINGS


C_A101: CERTIFICATION AND ACCREDITATION FUNDAMENTALS (3 DAYS)

DESCRIPTION:

The Federal Information Security Management Act (FISMA) directed the National Institute of Standards (NIST) to develop a comprehensive security certification and accreditation (C&A) process for information systems that support the federal government. The guidelines for implementing this process are contained in NIST SP 800-37, “Guide for the Security Certification and Accreditation of Federal Information Systems”. SeNet has designed this introductory course to instruct Government personnel and their contractors on the fundamentals of this process.

INTENDED AUDIENCE:

Government personnel and their contractors who are:

  • Tasked with performing or maintaining their organization's system/network certification and accreditation process.
  • Responsible for any portion of a C&A effort but who have less than one year of active participation in the process.
  • Interested in learning how to build the team necessary to conduct a successful, efficient C&A effort.
  • Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives.

 


C_A102-1: PHASE 1 - C & A INITIATION PHASE (2 DAYS)

DESCRIPTION:

This session covers the basic documents and tasks involved in the initial documentation phase of the C&A process. Attendees will learn the specifics of what goes into each of the documents that are required for certification and accreditation of information systems under FISMA and NIST SP 800-37.

INTENDED AUDIENCE:

Government personnel and their contractors who are:

  • Responsible for performing or maintaining their organization's system/network certification and accreditation and testing.
  • Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives.

 


C_A102-2: PHASE 2 - SECURITY CERTIFICATION (3 DAYS)

DESCRIPTION:

This session covers the basic tasks involved in the certification phase of the C&A process. This phase of the C&A process is about execution of security control assessments for components of an information system. This session covers how to develop the plans for testing those components, how to execute those tests, and how to analyze the results.

INTENDED AUDIENCE:

Government personnel and their contractors who are:

  • Responsible for performing or maintaining their organization's system/network certification and accreditation and testing.
  • Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives.

 


C_A102-2L: PHASE 2 - SECURITY CERTIFICATION + LABS (5 DAYS)

DESCRIPTION:

This session covers the same content as C_A102-2. This phase of the C&A process is about execution of the System Test and Evaluation of the components of an Information System. This session covers how to develop the plans for testing those components, test execution, and collating the test results. In addition, it includes laboratory exercises that are actual C&A testing exercises using available tools and techniques for testing information system components. The lab exercises involve actual hands-on use of testing tools.

INTENDED AUDIENCE:

Government personnel and their contractors who are:

  • Responsible for performing or maintaining their organization's system/network certification and accreditation and testing.
  • Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, and Security Control Assessors.

 

