NIST 800-171 Controlled Unclassified Information Course

0
Language

Level

Beginner

Access

Paid

Certificate

Paid

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.

Add your review

Course Description

In this course, Cybrary’s Kelly Handerhan takes us through the fourteen families of classifications for controlled, unclassified information as defined in the NIST 800-171 standard. This standard, issued by the National Institute of Standards and Technology (NIST), governs the handling of unclassified yet sensitive information on systems in non-federal agencies. It is part of an initiative to reduce the number of unclassified information categories such as “For Official Use Only” (FOUO) and “Sensitive But Unclassified” (SBU). It’s important to keep in mind that just because certain information is unclassified doesn’t mean that it should be freely available to anyone wishing access. It’s still vital that security controls are in place to safeguard such information when it is outside federal infrastructure. The audience for standard NIST 800-171 is developers involved in the Software Development Life Cycle (SDLC), project managers, those that procure and outsource equipment and services, risk management personnel, and anyone else in an organization that handles controlled, unclassified information (CUI). The fourteen families of classification, also known as “domains” cover the essential security controls governing the safeguarding of CUI. These controls are the very same ones that you’d encounter in other security-focused certification courses such as Security+. Each domain has a set of requirements known as the “Basic” set. This basic set defines the ultimate goals of the domain. The other set of requirements is known as the “Derived” set and consists of the means to implement the goals set forth in the basic set. As an example, the basic set of requirements for the “Awareness and Training” domain specifies that all users of CUI systems are made aware of the risks and policies regarding the protection of CUI. The implementation of the goals set forth in the basic requirements is specified in the derived requirements. In the case of “Awareness and Training” the derived requirements specify the need for security awareness training for users along with surveillance to monitor any security breaches directed against CUI. Kelly points out that though all domains have a basic set of requirements, two of them don’t have a corresponding set of derived requirements. Each module in this course discusses a specific domain and its corresponding requirements, both basic and derived, as set forth in the NIST 800-171 publication.

In this course, Cybrary’s Kelly Handerhan takes us through the fourteen families of classifications for controlled, unclassified information as defined in the NIST 800-171 standard. This standard, issued by the National Institute of Standards and Technology (NIST), governs the handling of unclassified yet sensitive information on systems in non-federal agencies. It is part of an initiative to reduce the number of unclassified information categories such as “For Official Use Only” (FOUO) and “Sensitive But Unclassified” (SBU). It’s important to keep in mind that just because certain information is unclassified doesn’t mean that it should be freely available to anyone wishing access. It’s still vital that security controls are in place to safeguard such information when it is outside federal infrastructure. The audience for standard NIST 800-171 is developers involved in the Software Development Life Cycle (SDLC), project managers, those that procure and outsource equipment and services, risk management personnel, and anyone else in an organization that handles controlled, unclassified information (CUI). The fourteen families of classification, also known as “domains” cover the essential security controls governing the safeguarding of CUI. These controls are the very same ones that you’d encounter in other security-focused certification courses such as Security+. Each domain has a set of requirements known as the “Basic” set. This basic set defines the ultimate goals of the domain. The other set of requirements is known as the “Derived” set and consists of the means to implement the goals set forth in the basic set. As an example, the basic set of requirements for the “Awareness and Training” domain specifies that all users of CUI systems are made aware of the risks and policies regarding the protection of CUI. The implementation of the goals set forth in the basic requirements is specified in the derived requirements. In the case of “Awareness and Training” the derived requirements specify the need for security awareness training for users along with surveillance to monitor any security breaches directed against CUI. Kelly points out that though all domains have a basic set of requirements, two of them don’t have a corresponding set of derived requirements. Each module in this course discusses a specific domain and its corresponding requirements, both basic and derived, as set forth in the NIST 800-171 publication.

Module 1: Intro

Module 2: The Requirements

Module 3: Access Control

Module 4: Awareness & Training

Module 5: Audit & Accountability

Module 6: Configuration Management

Module 7: Identification & Authentication

Module 8: Incident Response

Module 9: Maintenance

Module 10: Media Protection

Module 11: Personnel Protection

Module 12: Physical Protection

Module 13: Risk Assessment

Module 14: Security Assessment

Module 15: Systems & Communications Protection

Module 16: Systems & Information Integrity

Module 17: Review & Conclusion

×

    Your Email (required)

    Report this page
    NIST 800-171 Controlled Unclassified Information Course
    NIST 800-171 Controlled Unclassified Information Course
    LiveTalent.org
    Logo
    Skip to content