Cybersecurity Procedures Overview, DoDI 8500.01

Cybersecurity Procedures Overview, DoDI 8500.01

Cybersecurity Procedures Overview, DoDI 8500.01 Training Course Description

Cybersecurity Procedures Overview, DoDI 8500.01 training gives you a classified approach and step by step procedure to secure your information system based on DoD standard instructions. DoDI 8500.01 is a cybersecurity program to protect and defend DoD information and Information Technology (DoD IT) from prospective cybersecurity threats.

TONEX as a leader in security industry for more than 15 years is now announcing the Cybersecurity Procedures Overview, DoDI 8500.01 training which helps you to understand security controls in compliance with laws, regulations and policies and extend security protection to information systems in federal agencies and DoD related IT.

DoDI 8500.01 applies to all DoD related organizations, military departments, the office of the chairman of the joint chiefs of staff (CJCS), defense agencies, DoD field activities and all other organizational entities related to the DoD.

TONEX as a leader in industry and academia with high quality conferences, seminars, workshops, and exclusively designed courses in cybersecurity area is pleased to announce a complete training on cybersecurity implementation for DoD to protect DoD operation, individuals and organizations from threats.

Cybersecurity Procedures Overview, DoDI 8500.01 training will help you to implement a multi-tiered cybersecurity risk management process for DoD Information level, through the DoD component level and down to the Information System (IS) level based on security principles stated by National Institute of Standards and Technology (NIST) Special Publications (SP) as well as Committee on National Security Systems (CNSS) policy.

This course covers variety of topics in cybersecurity for DoD such as: introduction to DoD cybersecurity program, cybersecurity steps for DoD, cybersecurity risk management, operational resilience, cybersecurity test and evaluation, integration and interoperability. Moreover, learn about cyberspace defense, performance test, DoD information security, DoD identity assurance, DoD information technology, and DoD cybersecurity workforce.

Cybersecurity Procedures Overview, DoDI 8500.01 training will help you to implement new changes into your information system regardless of your information system type and ensures to meet federal compliance requirements especially RMF, FISMA, NIST and CNSS.

The Cybersecurity Procedures Overview, DoDI 8500.01 course by TONEX is interactive course with a lot of class discussions and exercises aiming to provide you a useful resource for RMF implementation to your information technology system.

Learn about cyberspace defense to protect, detect, characterize, counter and mitigate unauthorized activities and vulnerabilities on DoD information networks by taking the Cybersecurity Procedures Overview, DoDI 8500.01 training by TONEX.

Learn about identity assurance to ensure strong identification, authentication and eliminate anonymity in DoD IS and PIT systems. Moreover, learn about application of cybersecurity policies to all DoD IT that receives processes, stores, displays or transmits DoD information.

If you are an IT professional of federal agency personnel and need to understand and implement cybersecurity life cycle for your IT system or validate your cybersecurity skills, you will benefit the presentations, examples, case studies, discussions, and individual activities upon the completion of the Cybersecurity Procedures Overview, DoDI 8500.01 training and will prepare yourself for your career.

Cybersecurity Procedures Overview, DoDI 8500.01 training will introduce a set of labs, workshops and group activities of real world case studies in order to prepare you to tackle the entire related RMF challenges.

Audience

The Cybersecurity Procedures Overview, DoDI 8500.01 training is a 2-day course designed for:

• IT professionals in the DoD organizations
• Airforce and Military Personnel in charge of cybersecurity
• DoD employees and contractors or service providers
• All DoD personnel in charge of information assurance
• Authorizing official representatives, chief information officers, senior information assurance officers, information system owners or certifying authorities
• Employees of federal agencies and the intelligence community
• Assessors, assessment team members, auditors, inspectors or program managers of information technology area
• Any individual looking for information assurance implementation for a company based on recent DoD and NIST policies
• Information system owners, information owners, business owners, and information system security managers

Training Objectives

Upon completion of the Cybersecurity Procedures Overview, DoDI 8500.01 training course, the attendees are able to:

• Understand the life cycle of cybersecurity and different types of threats and vulnerabilities in DoD Information System
• Learn about different Department of Defense (DoD) Directives and Instructions (DoDD and DoDI)
• Explain NIST Special Publication (NIST SP) series of publications used for DoD cybersecurity implementation
• Apply Risk Management Framework (RMF) based on NIST SP 800-37 to DoD information system
• Understand different steps to cybersecurity for DoD
• Employ risk management for DoD
• Characterize the cyber-attack surface
• Describe Security control Automation Protocol (SCAP)
• Apply Cyberspace defense techniques based on DoDI 8410.02 to DoD information systems
• Organize mechanism for cybersecurity of DoD information
• Secure the classified information and understand information sharing policies
• Identify DoD approved identity credentials
• Learn about different layers of DoD Information Technology (DoD IT) such as CIO and PIT

Training Outline

Cybersecurity Procedures Overview, DoDI 8500.01 training course consists of the following lessons, which can be revised and tailored to the client’s need:

Introduction to Department of Defense Cybersecurity Program Overview

• Department of Defense Directive 8000.01 (DoDD 8000.01)
• Department of Defense Directive 8500.01e and 8500.2
• S Department of Defense Policies
• DoD Directive 8100.1 (DoDD 8100.1)
• Department of Defense Instruction 8520.01 (DoDI 8510.01)
• National Security Agency (NSA) IA Mitigation Guidance
• National Institute of Standards and Technology (NIST) Computer Security Division
• NIST Publication Series
• Federal Information Processing Standards (FIPS)
• FIPS Publication 199
• FIPS Publication 200
• Special Publications (SP) 800 Series
• SP 800-37, Applying Risk Management Framework to Federal Information Systems
• SP 800-53, Security and Privacy Control for Federal Inforamtion Systems and Organizations
• SP 800-60, Mapping Types of Information and Information Systems to Security Categories
• Risk Management Framework (RMF)

Cybersecurity Steps for DoD

• Risk Management
• Operational Resilience
• Integration and Interoperability
• Cyberspace Defense
• Performance Test
• DoD Information Security
• Identity Assurance
• DoD Information Technology
• Cybersecurity Workforce
• DoD Risk Executive Function

Cybersecurity Risk Management

• Adopting NIST’s RMF
• NIST SP 800-37
• Authorization to Operate (ATO)
• Committee on National Security Systems Instructions (CNSSI) 1253
• Transition of DoD IS and PIT system to CNSSI 1253
• Transition of DoD to NIST SP 800-53
• Integrated Organization-Wide Risk Management
• Tiered Approach to Risk Management
• Organization
• Mission/Business
• Information Systems
• RMF Life Cycle
• DoD Risk Executive Function
• DT&E and OT&E Integration
• Codifying the Reciprocity
• Enterprise-wide IT Governance
• Continuous monitoring
• Risk Assessment
• Security Control

Operational Resilience

• Trustworthy Information Resources
• Information Resource Degradation/Loss
• Prevailing Adverse Events
• Ike Skelton National Defense Authorization Act
• Supporting Acquisition Program Protection
• Identifying Critical Program Information
• Mission Planning based on DoDD 3020.26
• Restoring Information resources
• Preserving Trust for Security of DoD During Transmission
• Communications Security (COMSEC) based on DoDI 8523.01
• Transmission Security (TRANSEC)

Cybersecurity Test and Evaluation

• DODI 5000.02
• Cybersecurity T&E Phases
• Understanding Cybersecurity Requirements
• Characterizing the Cyber Attack Surface
• Cooperative Vulnerability Identification Adversarial Cybersecurity DT&E
• Cooperative Vulnerability and Penetration Assessment
• Adversarial Assessment
• Cybersecurity T&E Resources
• Cyber Ranges

Integration and Interoperability

• Net-Centric Model Operation
• Integration of System Life Cycle
• Interoperability of Cybersecurity Products
• Semantic, Technical and Policy Interoperability
• Standard-Based Approach , NIST SP 800-126 for Security Control Automation Protocol (SCAP)
• DoD Architecture Principles
• Repositories

Cyberspace Defense

• DoD IT Protection referred to DoD Manual O-8530.01
• Cyberspace Defense Based on DoDI 8410.02
• Continuous monitoring Capability Based on NIST SP 800-137
• Penetration and Exploitation Testing
• Cyber Defense Personnel Referred to DoDI 8520.03
• Digital and Multimedia Forensics for DoD IT, DoDD 5505.13
• DoDI 5240.26 for International Terrorism and CI Insider Threat
• Insider Threats Policies
• DoD Network Administration Cybersecurity Protection

Performance Test

• Organization Mechanisms for Cybersecurity
• Maintaining Accountability of Information
• Consistent Cybersecurity Implementation Monitoring and Verification
• DoDD 7045.14 for Decision Process Facilitation
• Strategic Cybersecurity Metrics Definition by DoD CIO

DoD Information Security

• DoDI 5200.01 for Classified Information
• Information Sharing Policies Defined by DoDD 8320.02
• Defense Cybersecurity Program
• Protection of Classified Information
• Public Release Information Clearance, DoDD 5320.09 and DoDI 8582.01
• Spillage of Classified Information
• Automated Sharing and Protection of DoD Information
• Compliance of DoD IT with DoDI 5400.16 and DoD 8580.02R
• Privacy Impact Assessment (PIA) for DoD IS
• Cryptography of DoD Information
• Public Media Information Security by DoD 5205.02 and DoDI 8550.01

DoD Identity Assurance

• DoD Approved Identity Credentials
• Recording the Identification Entities
• Identity Assurance Procedures
• Identity Management Strategic Plan for DoD
• Identity Assurance Implementation Guidance
• Identity Reliant functions for Information and Infrastructure
• Identity Assurance Policies

DoD Information Technology

• Information Systems
• Enclaves
• Automated Information System Applications
• DoD Component CIO
• DoD Is Registration
• Stand-Alone Systems
• Notice Consent Banners
• PIT
• IT Services
• IT Products
• IT Considerations
• NIST 800-88 for Electronic Media Disposal

DoD Cybersecurity Wrokforce

• Qualified Cybersecurity Workforce
• Identified Cybersecurity Positions
• Cybersecurity Awareness Orientations
• Cybersecurity Function
• Position Designation Criteria

Hands On, Workshops and Group Activities

• Labs
• Workshops
• Group Activities

Sample Workshops and Labs for Cybersecurity Procedures Overview, DoDI 8500.01 Training

• Using NIST standards for cybersecurity implementation
• Cybersecurity Test and Evaluation based on DODI 5000.02
• Risk management Case Study based on NIST SP 800-37
• DoDI 5200.01 for Classified Information Case Study
• Identity Assurance Case Study

Cybersecurity Procedures Overview, DoDI 8500.01