
NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate

Course Outline
This structured 3-day course ensures participants gain practical knowledge on implementing and managing cybersecurity controls using NIST CSF 2.0 and NIST 800-53 as an informative reference.
Day 1: Foundations of NIST SP 800-53 and NIST CSF 2.0
Objective: Understand the fundamentals of NIST SP 800-53 Rev. 5, NIST CSF 2.0, and their integration for organisational cybersecurity.
Duration: 8 hours
Introduction to NIST 800-53 Rev. 5 (1 hour)
- Overview of NIST SP 800-53 Rev. 5: Purpose, structure, and applicability
- Relationship between NIST SP 800-53 Rev. 5 and CSF 2.0
NIST CSF 2.0 Core Functions and Governance (2 hours)
- CSF 2.0’s six core functions: GOVERN, IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
- Deep dive into GOVERN: Policies, roles, responsibilities, and oversight
- Mapping CSF 2.0 categories and subcategories to 800-53 controls
- Implementation tiers (Partial, Risk-Informed, Repeatable, Adaptive)
NIST SP 800-53 Structure and Control Families (2 hours)
- Structure: Control families, enhancements, and baselines (Low, Moderate, High)
- Security vs. privacy controls
- Tailoring controls to organisational needs
- NCSP approach to control selection and implementation
Practical Exercise: Mapping CSF 2.0 to 800-53 (2 hours)
- Group activity: Map CSF 2.0 subcategories (e.g., ID.AM-1, PR.AC-1) to 800-53 controls
- Case study: Apply GOVERN function to establish a cybersecurity program
- Discussion: Aligning organisational objectives with CSF tiers and 800-53 baselines
Q&A and Day 1 Wrap-Up (1 hour)
- Review key concepts
Day 1 Learning Outcomes:
- Understand NIST SP 800-53 and CSF 2.0
- Recognize how CSF 2.0’s GOVERN function integrates with 800-53 controls
- Map CSF 2.0 outcomes to 800-53 controls
- Identify appropriate control baselines and tiers for organisational needs
Day 2: Implementing and Managing NIST SP 800-53 Controls with CSF 2.0
Objective: Learn to implement, tailor, and manage NIST SP 800-53 controls while leveraging CSF 2.0 for governance and risk management.
Duration: 8 hours
Risk Management and CSF 2.0 Integration (1.5 hours)
- Risk Management overview
- Role of CSF 2.0’s GOVERN and IDENTIFY functions in risk assessment
- Selecting and tailoring 800-53 controls based on risk profiles
- Incorporating supply chain risk management (CSF 2.0 and 800-53 SCRM controls)
Implementing 800-53 Controls (2 hours)
- Step-by-step implementation of key control families (e.g., AC, AU, CM, IA, SC)
- Practical considerations for security and privacy controls
- Using CSF 2.0’s PROTECT and DETECT functions to guide control implementation
Practical Exercise: Control Implementation (2 hours)
- Case study: Implement controls for a fictional organization (e.g., access control, incident response)
- Group activity: Develop a control implementation plan using CSF 2.0 outcomes and 800-53 controls
- Review tailoring decisions based on organisational risk and CSF tiers
Monitoring and Continuous Improvement (1.5 hours)
- CSF 2.0’s DETECT, RESPOND, and RECOVER functions for ongoing monitoring
- Continuous monitoring strategies using 800-53 controls (e.g., AU-6, CA-7)
- Assessing control effectiveness with CSF 2.0 metrics
Q&A and Day 2 Wrap-Up (1 hour)
- Review implementation challenges
Day 2 Learning Outcomes:
- Apply NIST RMF steps to implement 800-53 controls
- Use CSF 2.0 to guide risk-based control selection and monitoring
- Understand continuous monitoring and improvement processes
Day 3: Assessing and Auditing
Objective: Master the assessment and auditing of NIST SP 800-53 controls, and align them with CSF 2.0 outcomes.
Duration: 8 hours
Assessing NIST SP 800-53 Controls (2 hours)
- Assessment methodologies (e.g., NIST SP 800-53A)
- Aligning assessments with CSF 2.0 outcomes
- Conducting gap analyses and risk assessments
Auditing and Compliance (2 hours)
- Audit preparation using 800-53 and CSF 2.0
- Alignment with compliance frameworks
- Role of CSF 2.0’s GOVERN function in audit readiness
Practical Exercise: Control Assessment and Audit (2 hours)
- Group activity: Conduct a mock assessment of selected 800-53 controls
- Case study: Develop an audit checklist using CSF 2.0 and 800-53
- Simulate remediation planning based on assessment findings
Q&A, Course Review, and Closing (2 hours)
- Recap of key concepts from Days 1–3
Day 3 Learning Outcomes:
- Conduct assessments and audits of 800-53 controls
- Align compliance efforts with CSF 2.0 outcomes
- Develop actionable remediation plans based on assessment findings
Pre-requisites
Participants are required to have attended the NIST Cybersecurity Professional® (NCSP®) CSF 2.0 Foundation Certificate prior to attendance on the NCSP® 800-53 Practitioner course.
Participants are provided with:
- NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate courseware including links to further related reading and resources
- NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate of Completion
- NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate digital badge
Delivery Options
- 3-day, instructor-led delivery on site or remotely via TEAMS