Skip Ribbon Commands Skip to main content
  
Training
Description
Edit
Unclassified
Cyberspace Defense - (*DoD PKI Cert req'd)
Date 03/14 – Ver 1.0


This interactive web-based training defines cyberspace defense (CD), presenting CD as a subset of cybersecurity. The training describes what DoD Information Networks (DoDIN) and Network Operations (NetOps) are, to include the relationship between them and their functioning within the single security architecture of the Joint Information Environment (JIE). This instruction identifies key cybersecurity requirements for cyberspace defense for the DoD, for each DoD Component, and for local control centers within each DoD Component. The user learns which organizations provide cybersecurity services for the DoD, as well as the requirements these Cybersecurity Service Providers (CSPs) must meet to provide cybersecurity services. This training presents a high-level explanation of the certification and accreditation process for CSPs. The CSP principal services are enumerated; to include system protection services; anti-malware; system scanning tools; Information Operations Conditions (INFOCON) Program support; Information Assurance Vulnerability Management (IAVM) support; vulnerability assessment monitoring, analysis, and detection services; as well as incident response. An explanation of the training and certification requirements for those who work as CSPs is also included. This product is designed for high-level managers who need to acquire a CSP for their organization, cybersecurity professionals who want to transition into a CSP career path, and individuals who desire a general knowledge of cyberspace defense and Cybersecurity Service Provider functions and responsibilities. (2 hrs)
Launch TrainingCD Not Available
 
Unclassified/FOUO
 
 
Cybersecurity Boot Camp (*DoD PKI Cert req'd)
Date 01/17


The DoD Cybersecurity Boot Camp course is an overview of DoD cybersecurity and the role that the DoD Risk Management Framework (RMF) plays within the DoD cybersecurity program. This course is designed to give students the overarching knowledge needed to successfully perform their duties as cybersecurity professionals. The course will provide the student with DoD cybersecurity guidance as related to law, policy, and high-level technical implementation, as well as documentation requirements and references necessary to support a successful DoD cybersecurity program.

The course describes the applicability of DoD cybersecurity policy and how DoD IT is broadly grouped. The course explains how cybersecurity policy incorporates security early and continuously within the acquisition lifecycle; adopts National Institute of Standards and Technology's (NIST) Risk Management Framework with transition to the newly revised NIST SP 800-53 Security Control Catalog; emphasizes continuous monitoring following an authorization to operate; and adopts and codifies reciprocity across the DoD cybersecurity enterprise. The course introduces the concept that cybersecurity risk management is a subset of the overall risk management process for all DoD acquisitions and extends to logistical support of fielded equipment and supply sources integrity. The course presents the integration of DoD-Wide Risk Management into three organizational and risk tier layers, beginning with a broad or strategic risk level, down to tactical risk at the system level.

(Length – Approximately 8 hours 30 minutes)
 
Launch Training
 
Unclassified
 
DoD Cybersecurity Policy
Ver 1.2, Date July 2017
Content Date 03/17

This interactive training provides an understanding of how DoD cybersecurity policy and information technology are used by the DoD cybersecurity professional, to include important issues associated with the cybersecurity professional’s responsibilities. The training has a central focus on the cybersecurity assessment and authorization for operation of DoD information systems and platform information technology (PIT) systems using the DoD Risk Management Framework (RMF) for DoD information technology (IT). This presentation provides relevant legal guidance relating to DoD cybersecurity, to include Congressional legislation, as well as Federal and DoD policy governing the cybersecurity professional. Key players related to the cybersecurity professional’s responsibilities are indicated, including the DoD Authorizing Official (AO), DoD Component Chief Information Officer (CIO), Program or System Manager (PM/SM), Information System Security Manager (ISSM), and Information System Security Officer (ISSO). The training presents cybersecurity information concerning system connection, special system configurations, and the DoD Cybersecurity Workforce Improvement Program. Information is included on DoD information system access management and auditing, as well as contingency planning. Privacy, legal, and ethical considerations involved with the cybersecurity professional’s duties are reviewed. The information in this training can also benefit mid-level and senior managers, as well as their supporting staffs. (Length – 5.0 hrs)

 
Launch Training Download WBT

(CDs and WBT/SCORM Downloads are Avaliable to DoD and Federal Users Only)
 
Unclassified
 
Enhancing Information Assurance through Physical Security
Date 10/07 – Ver 1.0

This interactive course is designed for employees needing a general awareness of how the Department's Information Assurance (IA) program is enhanced through physical security. The course consists of four sections. The first section discusses the discipline of physical security, defines terms, and looks at site selection, physical perimeter, and facility controls. The second section describes some of the threats and vulnerabilities involved in protecting the Department's IA, as well as ways to protect the resources. The third section defines the various types of equipment, and addresses what some of the risks are in using them. The last section introduces policy and best practices for protecting the Department's equipment and information. (Length - 2 hrs)
 
Launch Training HereOrder CD Download WBT

(CDs and WBT/SCORM Downloads are Avaliable to DoD and Federal Users Only)
 
Unclassified
 
​Information Assurance for Professionals Shorts
Date 12/09 – Ver 5.0

This product contains specific information related to the topics listed below. IA Roles and Responsibilities Short introduces the Information Assurance hierarchy, including the roles and responsibilities of key leadership positions as well as the responsibilities of all Authorized Users. (Length - 25 min) Auditing Logs for IA Managers Short introduces the auditing responsibilities of IA Managers. It describes the audit log and event information displayed by the system's auditing software. (Length - 20 min) Security Technical Implementation Guides (STIGs) Short introduces the purpose and uses of STIGs. SCADA Short describes how Supervisory Control and Data Acquisition systems function and significant cyber-security issues associated with DoD SCADA systems. (Length - 15 min) FISMA Short explains what the FISMA is, why it is important, how it is implemented within the Federal government and the DoD, and identifies where to obtain guidance for FISMA responsibilities. (Length - 20 min) IA Vulnerability Management Short describes the vulnerability management process in DoD and the tools that support the process. (Length - 20 min) The DoD 8570.01-M IA WIP Short presents an overview of the IA Workforce Improvement Program, defines the DoD IA workforce, and outlines the IA workforce training and certification requirements. (Length - 1 hr) The Zero Day Attack Short provides an introduction to the steps an IA professional needs to follow if they suspect that their system has been compromised by an attack which otherwise is unknown to the IA technical community (aka Zero Day Attack). (Length - 20 min)
 
Launch TrainingOrder CD Download WBT

(CDs and WBT/SCORM Downloads are Avaliable to DoD and Federal Users Only)
 
Unclassified
​Physical Security for SIPRNet - (*DoD PKI Cert req'd)
Date 05/09 - Ver 1.0

This course is for Security Managers, Information Assurance Managers, or others tasked with providing guidance for the installation of a new or expanded SIPRNet system. This course provides guidance for the physical protection of information systems assets connected to the SIPRNet. It includes concepts of recognizing and protecting classified material in all forms, and physical and technical measures required for end-to-end protection of classified data residing on SIPRNet-connected systems. Subjects covered include the establishment and maintenance of secret secure rooms, protected distribution systems, and wall jack security. (Length - 1.5 hrs)
Launch TrainingCD Not Available
 
Unclassified
 
​Privileged User Cybersecurity Responsibilities
Ver 2.1, Date Jul 2017
Content Date 03/13

Developed to be used in conjunction with annual DoD cybersecurity awareness training, this course presents the additional cybersecurity responsibilities for DoD information system users with access privileges elevated above those of an authorized user. The course identifies key terminology describing elevated user privileges, specific ethical and legal cybersecurity responsibilities of a privileged user, and DoD Public Key Infrastructure (PKI) responsibilities of a privileged user. Privileged user general cybersecurity responsibilities and restrictions covered include: reporting requirements, restricted and prohibited actions, protecting sensitive information, and the consequences of failure to comply. The PKI responsibilities of privileged users portion of the course reviews general rules for PKI credential use by privileged users, as well as general configuration guidelines for public key enabling of DoD information systems. The course stresses use of appropriate PKI tokens by privileged users for PKI identification and authentication, in addition to ensuring that the system correctly maps PKI certificates to an account with a set of associated privileges. The training delineates the seven sensitivity levels the DoD has defined for sensitive Unclassified and Secret information. These sensitivity levels, in combination with the environments from which users may access the information, are used to determine acceptable types of authentication credentials based on the credentials' strengths. (Length - 30 Min)

 
Launch TrainingOrder CD Download WBT

(CDs and WBT/SCORM Downloads are Avaliable to DoD and Federal Users Only)
 
Unclassified
 
​SRGs and STIGs
Date 01/13 - Ver 1.0

This presentation defines Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) in the context of how these documents provide mandatory guidance for cyber security configuration practitioners and software developers. This course describes how SRGs provide general security compliance guidelines, which serve as source guidance documents for STIGs, which document applicable DoD policies and security requirements for specific technical products, as well as best practices and configuration guidelines. The training discusses the four Core SRGs that are the highest level SRGs, providing general security guidelines for operating systems, network infrastructure, applications, and non-technical policy controls. Core SRGs contain all security requirements for their specific technology and policy areas. Technology SRGs are subordinate to the Core SRGs. Technology SRGs do not refer to a specific product or product version, but contain all requirements that have been flagged as applicable from the parent level Core SRGs. The technology SRGs, in turn, provide the basis for product-specific STIGs. This training concludes by describing how SRGs and STIGs are developed and what role the STIG Community has in their development, as well as how users may join the STIG Community and participate in SRG and STIG development. (Length - 20 min.)
 
Launch TrainingOrder CD Download WBT

(CDs and WBT/SCORM Downloads are Avaliable to DoD and Federal Users Only)