What does the NCSP® 800-115 Awareness course cover?

The NCSP® 800-115 Awareness course introduces the fundamentals of security testing and assessment as defined in NIST SP 800-115. It covers key concepts such as vulnerability assessments, penetration testing, security reviews, and the overall assessment lifecycle.

Who is this course for?

This course is suitable for IT staff, security testers, auditors, system owners, and anyone involved in assurance, validation, or cybersecurity readiness activities.

Do I receive a certificate after completing the course?

Yes. Learners receive the NCSP® 800-115 Awareness Certificate issued by CySec Professionals Ltd upon successful completion of the course.

Is this course aligned to NIST standards?

Yes. The course is fully aligned to NIST SP 800-115 and supports broader adoption of NIST CSF 2.0 by strengthening organisational testing and assessment awareness.

Does this course require any prior cybersecurity experience?

No prior experience is required. The NCSP® 800-115 Awareness course is designed for beginners and non-technical audiences who need a foundational understanding of security testing principles.

How does this course support organisational cybersecurity programmes?

The course helps organisations improve their understanding of security testing, strengthen assurance activities, and build a foundation for more advanced NIST-aligned capability development.

NIST Cybersecurity Professional®
NCSP® 800-115 Awareness Certificate

Build Awareness of NIST SP 800‑115: Information Security Testing & Assessment

NIST Cybersecurity Professional®

NCSP® 800-115 Awareness Certificate

Course Description

NIST Special Publication 800‑115, Technical Guide to Information Security Testing and Assessment, provides a structured methodology for planning, executing, and reporting on security testing activities, including vulnerability assessments, penetration testing, and security audits. It helps organisations evaluate the effectiveness of security controls and identify weaknesses before they can be exploited.

The NCSP® 800‑115 Awareness Certificate is a half‑day, instructor‑led course offering a concise introduction to the purpose, structure, and strategic value of NIST SP 800‑115. Designed for executives, managers, system owners, and stakeholders, this course explains how security testing supports risk management, compliance, and continuous improvement, without requiring hands‑on technical testing skills.

Participants gain a high‑level understanding of testing methodologies, assessment types, organisational responsibilities, and how 800‑115 integrates with CSF 2.0, RMF (800‑37), 800‑53, and broader cybersecurity assurance frameworks.

What You Will Learn

Participants gain essential awareness‑level knowledge of NIST SP 800‑115. You will learn:

The purpose, scope, and structure of the NIST Technical Guide to Information Security Testing.
The major types of security assessments, including testing, examination, and interviewing.
The phases of the NIST testing methodology: planning, execution, and post‑testing activities.
How vulnerability assessments and penetration tests support risk‑based decision‑making.
Organisational roles and responsibilities in security testing and assurance.
How 800‑115 aligns with CSF 2.0, RMF, 800‑53, and continuous monitoring programmes.

Course Agenda

Module 1: Introduction to NIST SP 800‑115 & Security Testing Fundamentals

A high‑level overview of NIST SP 800‑115, its purpose, and its role in evaluating the effectiveness of security controls. Introduces core concepts including testing, examination, and interviewing.

Module 2: Security Assessment Types & Testing Methodologies

An awareness‑level introduction to the major assessment types and testing techniques, including:
- Vulnerability scanning
- Penetration testing
- Security audits
- Log reviews
- File integrity checks
Explains how these methods support risk identification and control validation.

Module 3: Roles, Responsibilities & Governance for Security Testing

A concise overview of key roles involved in planning and overseeing security testing, including system owners, security teams, assessors, and governance bodies. Covers authorisation, scope definition, rules of engagement, and reporting responsibilities.

Module 4: Applying NIST 800‑115 in Practice - Alignment, Use Cases & Continuous Improvement

An introduction to how organisations apply 800‑115 in real‑world environments. Covers alignment with CSF 2.0, RMF (800‑37), 800‑53 controls, and continuous monitoring.

Learning Outcomes

Participants will be able to:

Describe the purpose and structure of NIST SP 800‑115.
Explain the major types of security assessments at an awareness level.
Understand the phases of the NIST testing methodology.
Recognise key roles and responsibilities in security testing governance.
Identify how 800‑115 aligns with CSF 2.0, RMF, 800‑53, and assurance frameworks.
Communicate the strategic value of security testing to stakeholders and teams.

Who Should Attend?

This course is designed for professionals who need a foundational understanding of security testing and assessment, including:

Executives & Senior Leaders
Business & System Owners
Governance, Risk & Compliance (GRC) Stakeholders
Programme & Project Managers
Security & Privacy Managers
Anyone seeking an introduction to security testing principles

Prerequisites

There are no prerequisites for this Awareness‑level course. No technical testing background is required.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-115 Awareness Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-115 Awareness Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-115 Awareness Certificate digital badge.