top of page

NIST Cybersecurity Professional®
(NCSP®) 800‑128 Foundation Certificate


Learn how to apply NIST SP 800‑128 Security Focussed Configuration Management (SFCM) principles to strengthen secure system operations.

NCSP 800-128 Foundation.png

NIST Cybersecurity Professional®

(NCSP®) 800‑128 Foundation Certificate

Course Description

Security‑focused configuration management (SFCM) ensures systems are deployed, maintained, and monitored using secure configuration baselines and controlled change processes. NIST SP 800‑128 provides authoritative guidance for SFCM across enterprise environments.

The NCSP® 800‑128 Foundation Certificate is a 2‑day, instructor‑led course introducing participants to SFCM principles and practices as defined in NIST SP 800‑128. This course explains baselines, change control, monitoring, verification, and alignment with NIST CSF 2.0.

Participants learn how to apply foundational SFCM concepts across systems and applications, preparing them for more advanced NCSP® architecture and operations training.

What You Will Learn

Participants gain knowledge of NIST SP 800-128 and how to integrate security into traditional configuration management processes enabling the management and monitoring of system settings in order to maintain security and minimise risk. You will learn:

  • How NIST SP 800‑128 aligns with NIST CSF 2.0 and supports configuration management programs.

  • The core concepts of secure configuration baselines.

  • How to implement change control processes.

  • How to monitor and verify configuration integrity.

  • How to integrate SFCM with vulnerability management.

  • How to embed SFCM practices into organisational security programs.

Course Agenda

Day 1: SFCM Foundations, Baselines & Change Control

Module 1: Introduction to NIST SP 800‑128

Module 2: Configuration Baselines

Module 3: Change Control Processes

Module 4: Governance & Documentation Requirements

Day 2: Monitoring, Verification & Continuous Improvement

Module 5: Configuration Monitoring

Module 6: Verification & Integrity Checking

Module 7: Integration with Vulnerability Management

Module 8: Alignment with NIST CSF 2.0

Learning Outcomes

​Participants will be able to:

  • Explain how NIST SP 800‑128 supports NIST CSF 2.0 configuration programs.

  • Describe baseline and change control requirements.

  • Apply foundational SFCM practices.

  • Validate configuration integrity and compliance.

  • Understand lifecycle and governance requirements.

  • Translate NIST SP 800‑128 guidance into actionable SFCM practices.

Who Should Attend?

Ideal for individuals who manage system configurations, compliance, and associated risk, including:

  • IT & Security Administrators

  • Cybersecurity Beginners & Career‑Changers

  • System & Network Engineers

  • Compliance & Audit Teams

  • Technical Support Staff

  • ​Configuration Managers

Prerequisites

There are no formal prerequisites for this Foundation‑level course. It is designed as an accessible entry point into NIST‑aligned cybersecurity training.


Participants are provided with:

  • NIST Cybersecurity Professional® (NCSP®) 800‑128 Foundation Certificate courseware including links to further reading and resources.

  • NIST Cybersecurity Professional® (NCSP®) 800‑128 Foundation Certificate, Certificate of Completion.

  • NIST Cybersecurity Professional® (NCSP®) 800‑128 Foundation Certificate digital badge.

​Enrol Today

Learn how to apply NIST SP 800‑128 SFCM principles to strengthen secure system operations.

NCSP 800-128 Foundation.png
Further Reading

NIST Cybersecurity Professional® 

NCSP®, NIST Cybersecurity Professional® and NIST Cyber Security Professional® are registered trademarks of CySec Professionals Ltd. All frameworks, models, and course materials are proprietary intellectual property protected across the UK, EU, US, Canada, and Australia. The Digital Trust Institute® (DTI®) is a trading name of CySec Professionals Ltd.

NCSP® is a governed, trademarked credential ecosystem aligned to NIST CSF 2.0 and key NIST Special Publications, stewarded by CySec Professionals Ltd and The Digital Trust Institute® (DTI®).

NIST content is republished courtesy of the National Institute of Standards and Technology. CySec Professionals Ltd is an independent organisation and is not affiliated with or endorsed by NIST.

Part of the NCSP® Credential Ecosystem - https://digitaltrust.institute

© 2017 - 2026 CySec Professionals Ltd. All rights reserved.

Terms & Conditions

UK Cyber Security Council Membership
Federation of Small Business Member
Greater Manchester Chamber of Commerce Member
bottom of page