NIST/CISA SBD Fundamentals
$1,495.00
Save 10% when ordering two qualified courses!
Title: NIST/CISA Secure by Design (SBD) Fundamentals
Modalities: Virtual | Classroom | Hybrid
Duration: 2 days
Overview
This course introduces students to the foundational concepts behind the National Institute of Standards and Technology (NIST) and Cybersecurity & Infrastructure Security Agency (CISA) secure by design and secure by default practices.
Who Should Attend
Line of Business Leadership
Non-Technical Managers
Technical Managers
Industry Members (e.g., Manufacturing Extension Partnership, State-Federal Liaisons)
Course Agenda
Day 1 (AM):
Introductions
What is vulnerable by design
What is secure by design
What is secure by default
What is the relationship to the Secure Software Development Framework (SSDF), NIST SP 800-218
Security principles overview
Day 1 (PM):
Software product security principles detail
Principle 1: Take ownership of customer security outcomes
Explanation
Demonstrating this principle
Secure by default practices
Eliminate default passwords
Conduct field tests
Reduce hardening guide size
Actively discourage use of unsafe legacy features
Implement attention-grabbing alerts
Create secure configuration templates
Secure product development practices
Document conformance to a secure SDLC framework
Document Cybersecurity Performance Goals (CPG) or equivalent conformance
Vulnerability management
Responsible use of open source software
Provide secure defaults for developers
Foster a software developer workforce that understands security
Test security information and event management (SIEM) and security orchestration, automation, and response (SOAR) integration
Align with zero trust architecture (ZTA)
Pro-security business practices
Provide logging at no additional charge
Eliminate hidden taxes
Embrace open standards
Provide upgrade tooling
Day 2 (AM):
Software product security principles detail
Principle 2: Embrace radical transparency and accountability
Explanation
Demonstrating this principle
Secure by default practices
Publish aggregate security-relevant statistics and trends
Publish patching statistics
Publish data on unused privileges
Secure product development practices
Establish internal security controls
Publish high-level threat models
Publish detailed secure SDLC self-attestations
Embrace vulnerability transparency
Publish software bills of materials (SBOMs)
Publish a vulnerability disclosure policy
Pro-security business practices
Publicly name a secure by design senior executive sponsor
Publish a secure by design roadmap
Publish a memory-safety roadmap
Publish results
Day 2 (PM):
Software product security principles detail
Principle 3: Lead from the top
Explanation
Demonstrating this principle
Include details of the secure by design program in corporate financial reports
Provide regular reports to your board of directors
Empower the secure by design executive
Create meaningful internal incentives
Create a secure by design council
Create and evolve customer councils
Secure by design tactics
Secure by default tactics
Review
Exam