How long is the NCSP 800-184 Foundation course?

This is a 2-day instructor-led course.

Who should attend this recovery-focused course?

It is ideal for incident response teams, resilience planners, and cybersecurity professionals.

Are there prerequisites for this course?

No prerequisites are required for this Foundation-level course.

Do participants receive certification?

Yes, attendees receive the NCSP 800-184 Foundation Certificate and digital badge.

NIST Cybersecurity Professional®
NCSP® 800-184 Foundation Certificate

Learn How to Build Effective Cybersecurity Event Recovery Programs with NIST SP 800‑184

NIST Cybersecurity Professional®

NCSP® 800-184 Foundation Certificate

Course Description

When a cybersecurity event disrupts operations, organisations must respond quickly, restore critical services, and recover with confidence. NIST SP 800‑184 provides the authoritative guidance for developing, implementing, and maintaining Cybersecurity Event Recovery (CER) plans that support resilience, continuity, and organisational readiness.

The NCSP® 800‑184 Foundation Certificate is a 2‑day, instructor‑led course introducing participants to the concepts, processes, and recovery lifecycle activities defined in the NIST SP 800‑184 Guide for Cybersecurity Event Recovery.

This course teaches how to build recovery strategies, coordinate technical and business recovery teams, and integrate recovery planning into NIST CSF 2.0, incident response, and enterprise resilience programs.

What You Will Learn

Participants gain foundational knowledge required to apply NIST SP 800‑184 concepts across recovery and resilience programs. You will learn:

How NIST SP 800‑184 supports NIST CSF 2.0, incident response, and organisational resilience.
The structure, terminology, and recovery lifecycle defined in NIST SP 800‑184.
How to develop and maintain Cybersecurity Event Recovery (CER) plans.
How to coordinate technical, operational, and business recovery activities.
How to integrate recovery planning into risk management, continuity, and resilience programs.
How to measure recovery readiness and improve recovery maturity over time.

Course Agenda

Day 1: Cybersecurity Event Recovery Foundations & Planning

Module 1: Introduction to NIST SP 800‑184

Overview of the Cybersecurity Event Recovery Guide, its purpose, and alignment with NIST CSF 2.0 and incident response.

Module 2: Cybersecurity Event Recovery Concepts

Core concepts including recovery objectives, dependencies, and organisational readiness.

Module 3: Developing Cybersecurity Event Recovery Plans

Building CER plans that define roles, responsibilities, recovery strategies, and communication pathways.

Module 4: Recovery Preparation & Readiness Activities

Establishing capabilities, resources, and processes that support effective recovery execution.

Day 2: Execution, Coordination & Continuous Improvement

Module 5: Executing Cybersecurity Event Recovery Activities

Coordinating technical and business recovery actions to restore services and minimise impact.

Module 6: Recovery Analysis & Reporting

Assessing recovery performance, documenting lessons learned, and identifying improvement opportunities.

Module 7: Integrating Recovery into Cybersecurity Programs

Embedding recovery planning into CSF 2.0, incident response, continuity, and resilience programs.

Module 8: Improving Recovery Maturity

Enhancing recovery governance, testing, and lifecycle management to strengthen organisational resilience.

Learning Outcomes

Participants will be able to:

Explain how NIST SP 800‑184 supports NIST CSF 2.0, incident response, and organisational resilience.
Identify and describe the recovery lifecycle and key concepts defined in NIST SP 800‑184.
Develop Cybersecurity Event Recovery (CER) plans aligned with organisational objectives.
Coordinate technical and business recovery activities during cybersecurity events.
Analyse recovery performance and support continuous improvement.
Integrate recovery planning into broader cybersecurity, continuity, and resilience programs.

Who Should Attend?

This course is designed for professionals responsible for planning, coordinating, or managing cybersecurity recovery activities, including:

Incident Response & Cybersecurity Operations Teams
Business Continuity & Disaster Recovery Professionals
Risk Management & Resilience Personnel
Cybersecurity Architects & Engineers
IT Operations & Service Management Teams
System Integrators & Technology Vendors
Program & Project Managers supporting recovery initiatives

Prerequisites

There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-184 Foundation Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-184 Foundation Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-184 Foundation Certificate digital badge.