How long is the NCSP 800-115 Foundation course?

This is a 2-day instructor-led course.

Who should attend this security testing course?

It is ideal for penetration testers, security analysts, auditors, and cybersecurity professionals.

Are there prerequisites for this course?

No prerequisites are required for this Foundation-level course.

Do participants receive certification?

Yes, attendees receive the NCSP 800-115 Foundation Certificate and digital badge.

NIST Cybersecurity Professional®
NCSP® 800-115 Foundation Certificate

Learn the Fundamentals of Technical Security Testing with NIST SP 800‑115

NIST Cybersecurity Professional®

NCSP® 800-115 Foundation Certificate

Course Description

Modern organisations must validate the effectiveness of their cybersecurity controls through structured, repeatable, and ethically governed technical security testing. NIST SP 800‑115 provides the authoritative methodology for planning, executing, and reporting security tests, including vulnerability assessments, penetration testing, and security evaluation techniques.

The NCSP® 800‑115 Foundation Certificate is a 2‑day, instructor‑led course introducing participants to the concepts, processes, and testing methodologies defined in the NIST SP 800‑115 Technical Guide to Information Security Testing and Assessment.

This course teaches how to plan and conduct security tests aligned with NIST guidance, how to select appropriate testing methods, and how to integrate testing activities into NIST CSF 2.0, risk management, and continuous improvement programs.

What You Will Learn

Participants gain foundational knowledge required to apply NIST SP 800‑115 concepts across security testing programs. You will learn:

How NIST SP 800‑115 supports NIST CSF 2.0, risk management, and continuous monitoring.
The structure, terminology, and testing methodologies defined in NIST SP 800‑115.
How to plan, scope, and authorise security testing activities.
How to apply vulnerability scanning, penetration testing, and security assessment techniques.
How to analyse findings, document results, and support remediation.
How to integrate testing into ongoing cybersecurity operations and improvement cycles.

Course Agenda

Day 1: Security Testing Foundations & Methodologies

Module 1: Introduction to NIST SP 800‑115

Overview of the Technical Guide, its purpose, and alignment with NIST CSF 2.0 and risk management.

Module 2: Security Testing Concepts

Core concepts including testing types, objectives, constraints, and ethical considerations.

Module 3: Planning & Scoping Security Tests

Defining objectives, selecting methods, establishing rules of engagement, and preparing test plans.

Module 4: Testing Methodologies

Applying vulnerability scanning, penetration testing, and security assessment techniques.

Day 2: Execution, Analysis & Continuous Improvement

Module 5: Conducting Security Tests

Executing tests safely and effectively while maintaining control, documentation, and evidence integrity.

Module 6: Analysing & Reporting Results

Evaluating findings, prioritising risks, and producing actionable reports for stakeholders.

Module 7: Integrating Testing into Cybersecurity Programs

Embedding testing activities into CSF 2.0, RMF, and continuous monitoring processes.

Module 8: Improving Testing Maturity

Enhancing testing repeatability, governance, and alignment with organisational security objectives.

Learning Outcomes

Participants will be able to:

Explain how NIST SP 800‑115 supports NIST CSF 2.0, risk management, and continuous monitoring.
Identify and describe the testing methodologies defined in NIST SP 800‑115.
Plan and scope security testing activities aligned with organisational objectives.
Conduct vulnerability assessments and penetration testing using NIST‑aligned techniques.
Analyse test results, document findings, and support remediation efforts.
Integrate security testing into ongoing cybersecurity operations and improvement cycles

Who Should Attend?

This course is designed for professionals responsible for conducting, managing, or overseeing security testing activities, including:

Penetration Testers & Security Assessors
Cybersecurity Analysts & Engineers
Vulnerability Management Teams
Risk Management & Compliance Personnel
DevSecOps & Application Security Teams
System Integrators & Technology Vendors
Program & Project Managers supporting security testing initiatives

Prerequisites

There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-115 Foundation Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-115 Foundation Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-115 Foundation Certificate digital badge.