Our ICD 503 course is designed for Information System Security and Information Assurance Professionals responsible for implementing and assessing security policies, practices, procedures and technologies. The course will cover implementation and conduct of Intelligence Community (IC) information systems assessment, authorization, risk management and continuous monitoring in accordance with ICD 503. We will provide students with new methods and approaches to assessing and authorizing IT systems within the Intelligence Community. The course will deliver applicable national security level guidelines and methodologies with specific focus on IC Standards, plans, methods, processes, and templates. The student will become familiar with IC 503 templates and processes through case studies and exercises.

Pre-requisites:

  • Knowledge of ICD 503, Information Technology Systems Security Risk Management, Certification, and Accreditation
  • Experience and/or knowledge of DCID 6/3, JAFAN 6/3 or DIACAP
  • Understanding of IT networks, systems, terminology and System Development Life Cycle (SDLC)
  • Familiarization with NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems; NIST Special Publication 800-39, Managing

Information Security Risk: Organization, Mission, and Information System View; NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations; and CNSS Instruction 1253, Security Categorization and Control Selection for National Security Systems.