Authorizing Official (AOM-301)



Authorizing Official (AOM-301)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 Days Labs: Yes –Local Cyber Range

Type of Course: Advanced  Security / Managerial

Prerequisites: Introduction to Authorizing Official for Management (AOM-SVY)

About this course: Maps to NICE Risk Management specialty areas under Risk Management category.

Goals: Master skills and abilities associated with formally assuming the responsibility for operating an information system at an acceptable level of risk to organizational operations. Oversee the risk management program for a mission.

Topics: Directing technical staff, understanding their roles in FedRAMP, risk management, categorization of information systems, selection of security controls, security control assessment, authorization, risk assessment, risk response and monitoring; production costs, application vulnerabilities and delivery delays, directing programmers for secure software, requirements, design, implementation, testing, and software acceptance; processes of software deployment, operations, maintenance, disposal, network types, and WAN technologies.

Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures.  Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.