NIST Cybersecurity Framework - ISG370


NIST is the de-facto standard for security, compliance, and privacy in the US. One must comply with NIST standards if/when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII). 

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.

Learning Options

Below are the available learning options for this course:


Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.

Learn more & subscribe

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize your training

NASBA Certified CPE

32 Credits

Information Technology

Why you should take this course

For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.

Who should take this course

Information Security and Network professionals, Chief Data Officers, Chief Information Security Officers, and Senior IT Auditors wanting to gain a deep understanding of the Cybersecurity Management System Framework.


  • Introduction to Information Security and Cybersecurity Audit School
  • or equivalent experience

1.    NIST Cybersecurity Overview

    NIST Cybersecurity and Publications

    NIST Relationships

    NIST CSF & RMF Overview

    NIST CSF Core, Tiers, and Profiles

    The Vocabulary of Risk

    NIST Frameworks & Standards Case Study

2.    NIST CSF Identify

    NIST Core Review and Identify Function Overview

    Inventory of Critical Assets

    Business Impact Assessment

    Security Policies and Procedures

3.    NIST CSF Protect Function

    NIST Core Review and Protect Function Overview

    Awareness & Training

    Access Control

    Protective Technology – Network

    Protective Technology – Systems 

    Data Security and Encryption


    Personnel and Physical Security

4.    NIST CSF Detect Function

    System Auditing and Logging

    Monitoring and Alerting


5.    NIST CSF Respond Function

    Response Planning

    Incident response Plan Examples

    Digital Forensics

    Response Training and Testing

    Mitigation and Improvements

6.    NIST CSF Recover Function

    Continuity of Operations Plan

    Backup and recovery

    Virtualization and the Cloud

7.    NIST RMF Preparation

    NIST RMF Overview and Preparation

    A Risk-Based Approach to Security

    The RMF Preparation Step

    System Security Plan (SSP)

8.    NIST RMF Categorization

    Categorizing Information Systems

    Establishing Scope

    The RMF Categorize Step

    Categorization Risk Analysis

9.    NIST RMF Control Selection

    Selecting Security Controls

    NIST Control Documents

    Setting and Tailoring control Baselines

    Control Allocation and Monitoring

    Documentation and Approval

10.    NIST RMF Control Implementation

    Security Control Implementation

    Common Controls

    Documenting Controls

11.    NIST RMF Control Assessment

    NIST RMF Assessment Step and Process

    Assessment Plan

    Conducting the Assessment

    Analyzing Assessment Results

    Assessment Documentation

    Risk Remediation

12.    NIST RMF Authorization

    System Authorization

    Risk Response

13.    NIST RMF Risk Monitoring

    Monitoring Controls Step

    Change Management and Configuration Control

    System Disposal (EOL)

  • Assess techniques for implementing the NIST Cybersecurity and Risk Management Frameworks.
  • Adapt methods for identifying, managing and mitigating compliance risks for a sample or real-world organization.
  • Interpret case studies showing how sample organizations solved common security problems using the NIST CSF and RMF.
  • Apply procedures and tools to apply the NIST Cybersecurity Framework's Five Functions.
  • Evaluate publications, procedures and tools for applying the NIST Risk Management Framework's Six Steps for an organization.
  • Choose best practices for NIST CSF and RMF audits or assessments for organizations of all sizes, structures and sectors.

MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: