NIST Cybersecurity Framework - ISG370


In the US, NIST is the de-facto standard for security, compliance, and privacy. If one is doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII), they must be compliant with NIST standards.  

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations on securing their infrastructure, systems, and data. In this course, learners will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents and appropriately respond and recover should they occur. We teach learners how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF & RMF processes for optimal security, privacy, and compliance.  

Learning Options

Below are the available learning options for this course:


Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.

Learn more & subscribe

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize your training

NASBA Certified CPE

32 Credits

Information Technology

Why you should take this course

You should attend because cybersecurity risks abound, they inflict substantial losses on organizations and professionals.

Who should take this course

Information security and network professionals, Chief Data Officers, Chief Information Security Officers and Senior IT Auditors wanting to gain a deep understanding of the Cybersecurity Management System Framework.

What You'll learn

You will gain valuable hands-on implementation skills following a proven project management strategy.


  • Introduction to Information Security (ISG101)
  • Information Security Boot Camp (ISG291)
  • General understanding of ISO 27001, Risk Management, Audit, Knowledge Management, strategic business planning, communications, and continual improvement

 Course Level Objectives 

  • Assess techniques for implementing the NIST Cybersecurity and Risk Management Frameworks. 
  • Adapt methods for identifying, managing, and mitigating compliance risks for a sample of a real-world organization. 
  • Interpret case studies showing how sample organizations solved common security problems using the NIST CSF and RMF. 
  • Apply procedures and tools to apply the NIST Cybersecurity Framework's Five Functions. 
  • Evaluate publications, procedures, and tools for applying the NIST Risk Management Framework's Six Steps for an organization. 
  • Choose best practices for NIST CSF and RMF audits or assessments for organizations of all sizes, structures, and sectors. 

Course Topics 

  1. NIST Cybersecurity Overview 
  2. NIST CSF Identify 
  3. NIST CSF Protect Function 
  4. NIST CSF Detect Function 
  5. NIST CSF Respond Function 
  6. NIST CSF Recover Function 
  7. NIST RMF Preparation 
  8. NIST RMF Categorization 
  9. NIST RMF Control Selection 
  10. NIST RMF Control Implementation 
  11. NIST RMF Control Assessment 
  12. NIST RMF Authorization 
  13. NIST RMF Risk Monitoring 
  14. Overviews 

MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: