
NIST Cybersecurity Professional (NCSP) 800-37 Foundation Certificate

NIST Cybersecurity Professional 800-37 Foundation

Course Outline

NIST SP 800-37 aims to create a comprehensive, proactive, and iterative approach to managing information security and privacy risks, ensuring that as technology and threats evolve, organisations can maintain appropriate levels of security and compliance.

This 2-day, instructor-led NIST Cybersecurity Professional® (NCSP®) 800-37 Foundation Certificate course provides a structured approach to learning the fundamentals of the NIST SP 800-37 framework, ensuring participants are well-equipped to understand and apply RMF in their professional environments.

There are no pre-requisites for course attendance. The course is suitable for employees at all levels.

Course Modules

Day 1

Overview of NIST SP 800-37

  • Purpose and scope of RMF

  • Key terms and concepts

The Importance of Risk Management

  • Why risk management is critical

  • Relationship between security, privacy, and risk

RMF Process Overview

  • Step 1 - Prepare

    • Organisational Context

    • Risk Management Strategy

  • Step 2 - Categorise

    • Information System Categorisation

    • Impact Levels

  • Step 3 - Select

    • Security and Privacy Controls Selection

    • Tailoring Controls

Day 2

RMF Process Overview (continued)

  • Step 4 - Implement

    • Control Implementation

    • Configuration Management

  • Step 5 - Assess

    • Control Assessment Techniques

    • Assessment Plans and Reports

  • Step 6 - Authorise

    • Authorisation Process

    • Risk Determination and Acceptance

  • Step 7 - Monitor

    • Ongoing Security and Privacy Control Monitoring

    • Security Status Reporting

Integration with Other Frameworks

  • How RMF fits with other NIST publications (like SP 800-53)

    • Crosswalk to UK NCSC Risk Management Framework

    • Crosswalk to ISO 31000 Risk Management Guidance

  • Continuous Improvement

Learning Outcomes

On completion of the NIST Cybersecurity Professional® (NCSP®) 800-37 Foundation Certificate participants will be able to:

  • Understand the principles of the Risk Management Framework (RMF)

  • Explain the steps involved in implementing RMF within an organisation

  • Understand how RMF integrates with organisational processes

  • Apply RMF in real-world scenarios for enhancing system security and privacy

Target Audience and Pre-requisites

This course would be particularly beneficial for those who are or will be directly involved in the implementation, assessment, or authorisation of information systems; those who need to ensure that their organisation's practices align with best practice for security and privacy; and those with a stake in cybersecurity, privacy, governance, and compliance.

There are no prerequisites for this Foundation-level course. The course is suitable for all employees at all levels.

Participants are provided with:

  • NIST Cybersecurity Professional® (NCSP®) 800-37 Foundation Certificate courseware including links to further reading and resources

  • NIST Cybersecurity Professional® (NCSP®) 800-37 Foundation Certificate Certificate of Completion

  • NIST Cybersecurity Professional® (NCSP®) 800-37 Foundation Certificate digital badge

Further reading

NIST SP 800-37: Risk Management Framework for Information Systems and Organisations - A System Life Cycle Approach for Security and Privacy
