The May 2018, Binding Operational Directive (BOD) 18-02 tasked CISA to guide federal agencies on the dynamic threats to the security and resilience of High Value Assets (HVAs). In December 2018 Memorandum 19-03 (M-19-03) was released by the Office of Management and Budget (OMB) to further assist agencies with the identification and designation of HVAs.

The Continuous Diagnostics and Migration (CDM) Program has developed HVA Dashboards to help agencies reduce their risk posture and provide them with ongoing visibility into known exploited vulnerabilities (KEVs), common vulnerabilities and exposures (CVEs), and misconfigurations for their HVA assets.

This video will discuss the functionality within the CDM Agency Dashboard related to HVAs answer important questions such as: What is an HVA, the mandates to protect HVAs, the new functionality associated with HVAs, and how HVA data is being identified within the CDM Dashboard

Learning Objectives:

1. Understand what an HVA is.
2. Learn how federal mandates help to protect HVAs.
3. Provide the learner what the new functionality associated with HVAs are and how HVA data is being identified within the CDM Dashboard

Date: April 2024

Course length: 14 minutes

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Webinar – CDM Program Manager Matt House Q & A about the CDM Dashboard version 6 and beyond

Description:

Matt House describes the new capabilities of the CDM Dashboard version ES-6x, including Cyber Hygiene, CDM Enabled Threat Hunting, STIG reporting, FISMA automation and HVA reporting. This video will describe the various capabilities of the CDM Dashboard and how it can provide many benefits to federal agencies.

Learning Objective:

• Understanding the capabilities of the ES-6x version of the CDM Dashboard, with focus on the FISMA automation, Binding Operating Directives (BOD), HVA reporting, the Known Exploited Vulnerabilities (KEV) catalog, plus much more!

Date: March 2024

Length: 67 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Micro Learn: Understanding FISMA Automation with the CDM Dashboard

Description:

The next evolution of the CDM Agency Dashboard includes FISMA dashboard automation and this course provides agencies with the understanding how CDM data is automated. The FISMA dashboard provides agencies with the insight of FISMA metrics that can be supported using CDM data. The metrics that are CDM automated, agencies can follow the same steps taken by federal analysts shown in this course.

Learning Objective:

• Understand the basic principles of FISMA dashboard automation and the CDM Agency Dashboard
• How FISMA metrics can used to support CDM data
• Provide a demonstration of how FISMA Automation functions

Date: April 2024

Length: 20 minutes

Training Proficiency Area: Level 2 – Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

In this video, the updated AWARE 1.5 supplemental overview is described and how it can benefit the federal agencies. Discussion questions include: What are the changes to the scoring algorithm; what are flipping scores; how are scores prioritized; what benchmarks are being accessed.

Date: March 2023

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard better understanding the functionality of ES-5 of the CDM Agency Dashboard.

Learning Objectives:

• Understand the Header Section of the CDM Agency Dashboard ES-5
• Utilize the Tool Bar feature the dashboard
• Provide an overview of the Query Bar
• Become familiar with the Time Filter of the dashboard
• Understand the Navigation Panel and Navigation Drawer features of the dashboard

Date: May 2022

Length: 10 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Description:

Ms. Judy Baltensperger, Project Manager for the CDM Dashboard at CISA, provides a demonstration of the new capabilities of version ES-6 of the CDM Dashboard. She expands upon the Exploited Vulnerability (KEV) catalog and information provided within the catalog; delivers an overview of the reporting asset capability related to Binding Operational Directives (BOD) 22-01 and 23-01; explains the Agency Inventory Metrics (AIM), and much more!

CDM PMO Matt House provides an update of ES-6 version of the CDM Dashboard and its capabilities

Description:

Learn about the capabilities of the CDM Dashboard version ES-6. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

Understanding the capabilities of the ES-6 version of the CDM Dashboard, with focus on the FISMA directives, Binding Operating Directives (BOD), Database as a Service, cross cluster searching, Known Exploited Vulnerabilities (KEV) catalog, plus much more!

Date: May 2023

Length: 34 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video explains the features of the current ES-3 version of the CDM Agency Dashboard.

Date: 2021

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

In this video, Mr. Dave Otto, the Risk expert of the CDM program, explains the Binding Operational Directive 22-01, the CISA KEV (Known Exploited Vulnerabilities) Catalog, and how agencies can better protect their assets.

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video explains the CSM features of the current ES-3 version of the CDM Agency Dashboard.

Date: October 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video provides an overview of the configuration settings management (CSM) capability and how CSM helps to reduce cyber-attacks in software and hardware assets within the Continuous Diagnostics and Mitigation (CDM) Program.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video discusses the need for standardized benchmarks in the federal government and the use of Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) for integration within the CDM solution. A review of DISA’s role, authority, and DISA STIG compliance levels is provided as well.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

The next evolution of the CDM Agency Dashboard is being offered in a cloud-based format, which provides agencies with the same functionality but relieves them from having to manage and continue to fund all of the aspects of an “on-prem” security solution. CISA is making this dashboard tool available in a Dashboard as a Service format, or DBaaS. This video will describe DBaaS and its many benefits to federal agencies.

Learning Objectives:

• Understand the basic principals of DBaaS and the CDM Agency Dashboard
• How DBaaS can help minimize agency vulnerabilities
• Provide a demonstration of how DBaaS works

Date: October 2022

Length: 7 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.

Learning Objectives:

• Understand CDM Agency Dashboard basic features and IAM functionality.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video presents cybersecurity concepts associated with continuous monitoring of issues that affect networks. A review of workplan concepts, checks and reviews, and mitigation recommendations is also covered.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video presents an overview of the System Security Analyst role and the six key responsibilities associated with that role. The importance of these six key responsibilities is covered including adherence to agency policy and assessing metrics and data.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

In this video, the AWARE 1.5 risk scoring overview is described and how it can benefit the federal agencies.

Date: May 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

In this video, Mr. Richard Grabowski, acting CDM PMO, explains CDM Enabled Threat Hunting (CETH) and how CETH benefits the federal agencies. He also discusses how the CDM Dashboard supports the implementation of Endpoint Detection and Response (EDR).

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This video explains the new AWARE 1.5 scoring and features.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

• Present an overview of ransomware attacks
• Identify preventative measures to block ransomware attacks
• Discuss incident response best practices for ransomware attacks
• Detail ways to implement recovery measure after a ransomware attack
• Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Web and email servers are the workhorses of the Internet — we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers.

This webinar includes the following information and more:

• Common attacks and vulnerabilities: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
• Key guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
• Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
• Knowledge checks: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.

This webinar includes the following information and more:

• Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
• Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
• Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
• Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 – Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Ransomware attacks hit a new target every 14 seconds–shutting down digital operations, stealing information and exploiting businesses, essential services, and individuals alike. This one-hour webinar provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to mitigate and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

• Common attack methods: Learn the definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time. The webinar will discuss common signs of a ransomware attack and how to respond if an attack is suspected.
• Key guidance for organizations: CISA provides guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack.
• Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
• Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Participants will be introduced to common web and email vulnerabilities, as well as the technologies of encryption and authentication to enhance web and email security. This course uses an active participation approach to facilitate realistic technical training and interaction opportunities for learners.

Experience these benefits and more:

• Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 18-01.
• Identify and mitigate vulnerabilities in real time: Students identify common web and email vulnerabilities and mitigate them by reconfiguring the web server and Domain Name System (DNS) settings.
• Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Cyberattacks have made headlines for years, and the pace of threat activity faced by government and private sector organizations is accelerating. Indicators of compromise (IOCs) are the digital and informational “clues” that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. In this training, participants will be introduced to common IOCs and common protocols used to find them in their own systems.

Experience these benefits and more:

• Importance of IOCs: Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity. Students will understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
• Learn about the MITRE ATT&CK® Framework and how it supports the analysis of IOCs, potential threat actors related to the activity, and their associated tactics, techniques, and procedures (TTPs).
• Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware, infection could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and process that harden network defenses, as well as key concepts used in the prevention of ransomware attacks.

This training includes the following information and more:

• Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.
• Lab Demonstrations: Learn how to apply specific tools to configure and back up Active Directory policies, reset Kerberos Ticket Granting Ticket (KRBTGT) account passwords, and create application allow-listing policies.
• Expert facilitation: Throughout the course, expert cybersecurity engineers’ moderate discussions and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications, to the explosive growth of the “Internet of Things” (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured. Worse, these systems can leave vulnerabilities and sensitive information freely available to exploit if not properly configured and maintained.

This webinar includes the following information and more:

• Common attacks and vulnerabilities: Understand common vulnerabilities of internet-accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
• CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
• Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
• Knowledge checks: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Participants will be introduced to tactics and strategies that enable them to protect their organizations from attacks against internet-accessible system(s) (i.e., internet-accessible system attacks or IAS) through awareness of individual and organizational points of vulnerability.

Experience these benefits and more:

• Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 19-02.
• Identify and mitigate vulnerabilities in real time: Students will identify common methods of scanning for vulnerabilities, analyzing event logs, and modifying firewall rules.
• Expert facilitation: Throughout the course, expert cybersecurity engineers will moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Backup Active Directory on a Domain Controller
• Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Identify the purpose of firewalls
• Present the importance of implementing firewall rules
• Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Define Server Message Block
• Identify the three versions of SMB
• Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Reset the KRBTGT Account password

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Present the definition of a DNS Sinkhole
• Identify key terms related to the Sinkholing process
• Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. This webinar introduces the fundamentals of investigating logs for incidents.

This webinar includes the following information and more:

• Common attack methods: Understand log analysis, and its importance as a crucial component of incident response and network security.
• Key guidance for organizations: Introduce resources and tools that enable organizations and individuals to use log analysis to query for threat activity including SIEM, FPCAP analysis, and using PowerShell and Active Directory to run scripts.
• Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
• Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This webinar includes the following information and more:

• Importance of network diagrams: Students will learn the importance of creating and maintaining network topology diagrams. Students will also understand the importance of identifying data flows and storage, identifying remote access points and external connections, and network segmentation for security.
• Key guidance for organizations: CISA provides guidance on what to include in network diagrams.
• Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of having a network diagram, types of diagrams, common network diagramming tools, and commonly used network symbols.

Learning Objectives:

• Recognize how networks have evolved to include external cloud-based architectures
• Recognize the importance of creating and maintaining network topology diagrams

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of knowing and understanding how networks and assets are connected, segmented, controlled, and architected for representation in network diagram designs.

Learning Objectives:

• Identify the difference between logical and physical topology diagrams
• Identify the common network topology patterns
• Define network architecture

Date: 2023

Training Proficiency Area: Level Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of knowing what’s on their networks, where data enters and exits and how the data flows through their network, and how they can use asset discovery and mapping tools to help either gather this information or create a diagram.

Learning Objectives:

• Explain why an asset scanning and mapping tool is used
• Recognize the importance of identifying data flows and storage
• Explain the importance of identifying remote access points and external connections
• Explain the importance of network segmentation for security

Date: 2023

Training Proficiency Area: Level Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the process of creating a network diagram which includes identifying assets, sketching a diagram, choosing an application, selecting a network template, building the diagram, creating a legend, and maintaining the diagram.

Learning Objectives:

• Describe the steps for building a network diagram
• Identify the generic templates and symbols used in creating network diagrams

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.

Learning Objectives:

• Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.

Learning Objectives:

• Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build an external network diagram using Microsoft Visio. It is a hybrid tutorial that includes demonstration, instruction, and interaction.

Learning Objectives:

• Demonstrate how to build an external Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

The Domain Name System, commonly known as DNS, is often referred to as the “phone book” of the Internet. Every time we access the Internet to visit our favorite websites, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly useful, it also presents a rich attack surface. Threat actors have the ability to shut down websites and online services, replace legitimate website content with threats or extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal information entered by users. This recorded webinar provides an organizational perspective and is accessible to a general audience including managers, business leaders, and technical specialists.

This webinar includes the following information and more:

• Common attacks and vulnerabilities: Learn how to identify a potential attack on DNS infrastructure.
• CISA guidance: CISA provides information on best practices to reduce the likelihood and impact of a successful DNS attack.
• Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
• Knowledge checks: The course provides knowledge checks throughout the presentation to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

DNS is one of the core foundations of the internet. However, it continues to be one of the mechanisms attackers use to perform malicious activities across the globe. In this course participants will learn about various concepts associated with DNS, become familiar with DNS tools and mapping information, be introduced to common DNS tampering techniques, and gain an understanding of DNS mitigation strategies to enhance security.

Experience these benefits and more:

• Learn how to implement remediations: Course exercises include remediating vulnerabilities.
• Identify and mitigate vulnerabilities in real time: Students identify DNS infrastructure tampering techniques and mitigate them.
• Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Network Forensics Section 101 (NFS 101)

Prerequisite(s): None

Course Setting: Online, self-paced

Length: 8.5 hours

Training Purpose: Skill Development

Audience: Network Forensic Section (NFS) Analysts and others assigned by management

Description:

The NFS 101 course aims to establish a baseline understanding of the NFS mission, goals, structure, and deployment kits. The course identifies components of a deployment kit and provides an overview of the pre-deployment, onsite, and remote functions of the kit. It also discusses the NFS process for artifacts and data collection, as well as the basic analysis of artifacts and data.

By the end of the course, trainees will be able to:

1. State the NFS mission, goals, and structure.
2. Identify components of a deployment kit.
3. Describe the pre-deployment, onsite, and remote functions of the kit.
4. Discuss the NFS process for collecting artifacts and data.
5. Discuss the NFS process for basic analysis of artifacts and data.

Network Forensics Section 201 (NFS 201)

Prerequisite(s): NFS 101

Course Setting: Online, self-paced

Length: 10 hours

Training Purpose: Skill Development

Audience: New/current NFS analysts assigned to Threat Hunting

Description:

The NFS 201 course immerses the learner into a scenario as a new analyst who is tasked with analyzing artifacts and data for malicious activity in a Splunk threat emulation environment. This training also encompasses a self-paced module hosted on CISA's Virtual Learning Portal (VLP) where they must move between the threat emulation environment on the TEN and the self-paced module on the VLP to complete the training.

By the end of the course, trainees will be able to:

1. Identify servers on a network based on network traffic.
2. Investigate indicators of compromise for vulnerabilities in a client’s network.
3. Perform analysis of collected data to identify possible threats to client assets.
4. Reconstruct a malicious attack or activity based on available network traffic and artifacts.

Assessment:

Trainees will need to complete an end-of-course assessment with 100% accuracy. Upon successful completion trainees will be granted 1.0 CEUs.

Data Analytics Using the CDM Dashboard

Description:

This two-hour self-paced course takes your experience using the CDM Dashboard and Kibana to the next level. Tailored for advanced Dashboard users, this eLearning consists of nine modules with hands-on activities that will boost your skills. Learn how to apply Kibana and the CDM Dashboard in real-world scenarios to become a pro at data visualization and analysis.

Objectives:

• Describe how data sources correspond to data targets in the CDM Dashboard Ecosystem.
• Explain how data views (previously known as index patterns) are used within the CDM Dashboard Ecosystem.
• Explain the purpose and create, modify, and share spaces, dashboards, visualizations, searches, and objects.
• Use the discover tool and best search practices.
• Apply knowledge of the CDM Dashboard Ecosystem and Kibana to use cases.

BIRT Refresher Course

Prerequisite(s): BIRT

Course Setting: Online, self-paced

Length: 2 hours

Training Purpose: Maintain Incident Response Qualification (IRQ)

Audience: Threat Hunting (TH) Staff participating in hunt and incident response engagements; detailees assigned to TH participating in hunt and IR engagements

Description:

The purpose of the Basic Incident Response Training (BIRT) is to provide TH Staff a baseline of knowledge and skills regarding processes, procedures, resources, and tools used for onsite IR functions. TH Staff maintain their IRQ by completing the annual BIRT Refresher Course presenting updates to IR processes and procedures. TH Staff are required to complete the BIRT Refresher annually.

Assessment:

TH Staff will need to complete an end-of-course assessment with minimum 80% accuracy. Upon successful completion TH Staff maintain their IRQ.

Cross-cluster Search Queries

Description:

This one-hour self-paced course is required for account provisioning on the CDM Federal Dashboard. This eLearning consists of two modules. At the successful conclusion of this course you are be able to download a certificate of complete from your transcript.

Learning Objective:

• Construct precise and specific queries using the cross-cluster search functionality.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.

Learning Objectives:

• Review of objectives for the Cisco Certified Entry Networking Technician certification
• Supplemental preparation for the Cisco CCENT certification exam

Date: 2016

Training Purpose: Operate and Maintain

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.

Learning Objectives:

• Review of objectives for the Cisco Certified Network Associate certification
• Supplemental preparation for the Cisco CCNA certification exam

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

• Define cloud models and components.
• Apply CSA security guidance and other best practices to cloud deployments.
• Understand cybersecurity requirements within the Shared Responsibilities model.
• Prepare for cloud computing governance and compliance challenges.
• Relate traditional cybersecurity controls to popular cloud solutions.
• Recognize and prepare for cloud computing threats.
• Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.

Learning Objectives:

• Compare cloud service and deployment models and each’s impact on customer control and responsibilities
• Identify data security strategies within cloud environments
• Explain secure data center design concepts including example risks and security controls
• Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
• Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
• Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.

Learning Objectives:

• Overview of the cloud physically, logically, and architecturally.
• Discuss cloud deployment models and characteristics.
• Overview of cloud infrastructure characteristics.
• Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
• Cloud software components - microservices & APIs.
• The driving forces and key technology enablers of commercial cloud services in the Federal Government.
• Must-have security requirements and policies for cloud solutions.
• The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
• Where Federal Government adoption of commercial cloud is now and predictions for the future.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Think about your organization’s most critical functions: what do others depend on you to provide? Your high-value assets (HVAs), also known as critical assets across many industries, are the information or information systems that have serious impact to your organization’s ability to conduct its mission or business operations if lost, corrupted, or inaccessible. Across sectors and industries, data and information systems that underpin core business and operational functions- or those systems that connect to core functionalities- make highly tempting targets for sophisticated criminal, politically motivated, or state-sponsored actors to exploit directly or compromise to undermine public trust.

The HVA program was established by CISA to help organizations gain a comprehensive understanding of the risks that dynamic threat actors pose and identify the high-value information and systems that are likely targets.

This webinar provides an overview of the following key information:

• HVA and critical asset overview: Define high-value assets, and how to assess and prioritize risks.
• Common threats: Understand the most likely threats to HVAs and how to mitigate associated vulnerabilities.
• CISA guidance: Learn the steps and parameters to identify, categorize, prioritize, and secure your HVAs or critical assets.
• Case studies: Explore the impacts of documented critical or high-value asset cyberattacks, and the success of resulting response and recovery efforts.

This course is accessible to a non-technical audience including managers and business leaders and provides an organizational perspective useful to technical specialists.

Date: July 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

• Define and give examples of critical infrastructure.
• Identify possible cyber threats to critical infrastructure.
• Describe U.S. cybersecurity policies and programs.
• Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.

Learning Objectives:

• Explain several techniques for obfuscating online activities.
• List examples of technologies leveraged for deceptive purposes.
• Detail best practices for prevention and protection from malicious cyber activities.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Introduction to the CDM Agency Dashboard

Course Length: 3 hours

Description:

This course is a recording of a virtual 3-hour course which provides participants with the essential knowledge of the ES-6 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment and includes demonstrations using the CDM Agency Dashboard to identify and report on asset vulnerabilities and other key features of the dashboard.

Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.

Learning Objectives:

• Understand CDM Agency Dashboard basic features and functionality
• Instructor demonstrates the CDM Agency Dashboard

Date: March 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.

Learning Objectives:

• List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
• Explain how various tools and technologies are configured or deployed to support an organization's security posture.
• Detail risk management best practices and mitigation strategies.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework