NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate

Course Outline

 

This structured 3-day course ensures participants gain practical knowledge on implementing and managing cybersecurity controls using NIST CSF 2.0 and NIST 800-53 as an informative reference.

 

Day 1: Foundations of NIST SP 800-53 and NIST CSF 2.0

Objective: Understand the fundamentals of NIST SP 800-53 Rev. 5, NIST CSF 2.0, and their integration for organisational cybersecurity.

 

Duration: 8 hours

Introduction to NIST 800-53 Rev. 5 (1 hour)

  • Overview of NIST SP 800-53 Rev. 5: Purpose, structure, and applicability

  • Relationship between NIST SP 800-53 Rev. 5 and CSF 2.0

NIST CSF 2.0 Core Functions and Governance (2 hours)

  • CSF 2.0’s six core functions: GOVERN, IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER

  • Deep dive into GOVERN: Policies, roles, responsibilities, and oversight

  • Mapping CSF 2.0 categories and subcategories to 800-53 controls

  • Implementation tiers (Partial, Risk-Informed, Repeatable, Adaptive)

NIST SP 800-53 Structure and Control Families (2 hours)

  • Structure: Control families, enhancements, and baselines (Low, Moderate, High)

  • Security vs. privacy controls

  • Tailoring controls to organisational needs

  • NCSP approach to control selection and implementation

Practical Exercise: Mapping CSF 2.0 to 800-53 (2 hours)

  • Group activity: Map CSF 2.0 subcategories (e.g., ID.AM-1, PR.AC-1) to 800-53 controls

  • Case study: Apply GOVERN function to establish a cybersecurity program

  • Discussion: Aligning organisational objectives with CSF tiers and 800-53 baselines

Q&A and Day 1 Wrap-Up (1 hour)

  • Review key concepts

Day 1 Learning Outcomes:

  • Understand NIST SP 800-53 and CSF 2.0

  • Recognize how CSF 2.0’s GOVERN function integrates with 800-53 controls

  • Map CSF 2.0 outcomes to 800-53 controls

  • Identify appropriate control baselines and tiers for organisational needs

 

Day 2: Implementing and Managing NIST SP 800-53 Controls with CSF 2.0

Objective: Learn to implement, tailor, and manage NIST SP 800-53 controls while leveraging CSF 2.0 for governance and risk management.

Duration: 8 hours

Risk Management and CSF 2.0 Integration (1.5 hours)

  • Risk Management overview

  • Role of CSF 2.0’s GOVERN and IDENTIFY functions in risk assessment

  • Selecting and tailoring 800-53 controls based on risk profiles

  • Incorporating supply chain risk management (CSF 2.0 and 800-53 SCRM controls)

Implementing 800-53 Controls (2 hours)

  • Step-by-step implementation of key control families (e.g., AC, AU, CM, IA, SC)

  • Practical considerations for security and privacy controls

  • Using CSF 2.0’s PROTECT and DETECT functions to guide control implementation

Practical Exercise: Control Implementation (2 hours)

  • Case study: Implement controls for a fictional organization (e.g., access control, incident response)

  • Group activity: Develop a control implementation plan using CSF 2.0 outcomes and 800-53 controls

  • Review tailoring decisions based on organisational risk and CSF tiers

Monitoring and Continuous Improvement (1.5 hours)

  • CSF 2.0’s DETECT, RESPOND, and RECOVER functions for ongoing monitoring

  • Continuous monitoring strategies using 800-53 controls (e.g., AU-6, CA-7)

  • Assessing control effectiveness with CSF 2.0 metrics

Q&A and Day 2 Wrap-Up (1 hour)

  • Review implementation challenges

Day 2 Learning Outcomes:

  • Apply NIST RMF steps to implement 800-53 controls

  • Use CSF 2.0 to guide risk-based control selection and monitoring

  • Understand continuous monitoring and improvement processes

 

Day 3: Assessing and Auditing

Objective: Master the assessment and auditing of NIST SP 800-53 controls and align them with CSF 2.0 outcomes.

 

Duration: 8 hours

Assessing NIST SP 800-53 Controls (2 hours)

  • Assessment methodologies (e.g., NIST SP 800-53A)

  • Aligning assessments with CSF 2.0 outcomes

  • Conducting gap analyses and risk assessments

Auditing and Compliance (2 hours)

  • Audit preparation using 800-53 and CSF 2.0

  • Alignment with compliance frameworks

  • Role of CSF 2.0’s GOVERN function in audit readiness

Practical Exercise: Control Assessment and Audit (2 hours)

  • Group activity: Conduct a mock assessment of selected 800-53 controls

  • Case study: Develop an audit checklist using CSF 2.0 and 800-53

  • Simulate remediation planning based on assessment findings

Q&A, Course Review, and Closing (2 hours)

  • Recap of key concepts from Days 1–3

Day 3 Learning Outcomes:

  • Conduct assessments and audits of 800-53 controls

  • Align compliance efforts with CSF 2.0 outcomes

  • Develop actionable remediation plans based on assessment findings

 

Pre-requisites

Participants are required to have attended the NIST Cybersecurity Professional® (NCSP®) CSF 2.0 Foundation Certificate prior to attendance on the NCSP® 800-53 Practitioner course.

Participants are provided with:

  • NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate courseware including links to further related reading and resources

  • NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate of Completion

  • NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate digital badge

Delivery Options

  • 3-day, instructor-led delivery, on site or remotely via TEAMS
