Course Description:

Learn about Phishing - Did you know? Phishing scams can be hiding in plain sight.

Course Objectives:

Learners should demonstrate the ability to identify a phishing attack.

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

711, 712, 722, 723, 731, 732, 751, 752, 804

411, 421, 422, 431, 441, 451, 461

211, 212, 221

311, 312, 321, 331, 332, 333

111, 112, 131,132, 133, 141, 151

611, 612, 631, 632, 641, 651, 652, 666, 671

511, 521, 531, 541

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.


Mandatory Training: Yes

test description

Mandatory Training: Yes

Course Description:

One of the greatest cybersecurity risks to CMS are “phishing” attacks. The term phishing describes email that appears to be trustworthy but is fraudulent, designed to compromise CMS information and systems. To reduce this critical risk, OIT/ISPG is providing specialized training. Focused on strengthening CMS cybersecurity, the training will cover phishing risks, techniques to detect phishing emails, and methods to avoid and/or report suspicious emails.

Course Objectives:

The goal is to understand phishing and its threats, causes, etc. Learners should know the techniques to detect phishing emails and ways to avoid or report suspicious emails without compromising important data

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

711, 712, 722, 723, 731, 732, 751, 752, 801, 802, 803, 804, 805, 901

 

 

 

 

 

511, 521, 531, 541

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No

Course Description:

Watch this fun video and learn about the foundations of risk management, including threat, impact, likelihood and vulnerabilities. Approximately 5 minutes.

Course Objectives:

Students should understand the basics of risk management such as threats, areas of vulnerability, etc. 

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

722, 723

421, 422, 431, 441, 451, 461

332

121

611, 651, 652

511, 521, 531, 541

722, 723

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No

Target Audience: 

Need to Know audiences vary by training topic. The target audience is identified with each Need to Know training offering. The Need to Know training series provides just-in-time training on a variety of current topics when it is needed. Need to Know training is relevant learning customized for busy CMS personnel that is easy to understand and delivered in an online quick-read format.

Mandatory Training: No

Course Description:

DevSecOps is the integration of information system security into development and operations. It provides continuous visibility into a system’s security posture to prevent vulnerable applications from reaching production and delivers streamlined operations with simplified security reviews. This Spotlight introduces this methodology and enables participants to assess their system's readiness for DevSecOps

Course Objectives:

Learners should be able to know the components of DevSecOps, understand the benefits available, and evaluate whether or not your system is a suitable candidate for DevSecOps through the specialized check list

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

722, 723, 731, 901

422, 441, 451, 461

212

311, 312, 331, 332, 333

111, 141

611, 612, 622, 632, 651, 661

531

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No

Course Description:

How Hackers Hack and How to Protect Yourself.

Approximately 13 minutes. 

Course Objectives:

Learners should understand social engineering and be able to identify and comprehend other cyber attacks that target personnel, as well as to find the best methods to safeguard beneficiary data

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

711, 712, 722, 723, 731, 732

411, 421, 422, 441

212

321

511, 521, 531, 541

711, 712, 722, 723, 731, 732

411, 421, 422, 441

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No

Course Description:

This training is an introductory course on contingency planning focusing on Continuity of Operations Plans (COOP), Business Impact Analysis (BIA), Disaster Recovery Plans (DRP), and Information System Contingency Plans (ISCP). 

Course Objectives:

Learners should be able to understand the functionalities of COOP, BIA, DRP, and ISCP  successfully.

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

711, 712, 722, 723, 731, 732, 751, 752, 801, 802, 803, 804, 805, 901

 

 

 

 

 

511, 521, 531, 541

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No

Course Description:

This is a two-day course designed to train new users on the NIST RISK Management Framework (RMF) and how the CMS FISMA Continuous Tracking System (CFACTS) maps to the RMF steps. The CFACTS tool stores and organizes  information essential to your system’s secure operation. Common tasks covered in class include:

• RMF Steps

• Roles and responsibilities

• Security assessment remediation Plan of Action Milestones

• Privacy Impact Assessments (PIA)

• Information Security Risk Assessment (ISRA)

• Authorization to Operate (ATO) packages to request for certification of the FISMA system. 

Course Objectives:

Key course lessons require the understanding of the navigation tool of CFACTS; what, where, and when to enter your system’s information; and tips for completing common security and privacy documentation.

Category

OVERSEE
AND GOVERN

OPERATE
AND MAINTAIN

INVESTIGATE

COLLECT
AND
OPERATE

ANALYZE

SECURELY
PROVISION

PROTECT
AND
DEFEND

Role ID
(OPM Code)

711, 712, 722, 723, 731, 732, 751, 752, 804

411, 421, 422, 431, 441, 451, 461

211, 212, 221

311, 312, 321, 331, 332, 333

111, 121, 112, 131, 132, 141, 151

611, 612, 631, 632, 641, 651, 652, 666, 671

511, 521, 531, 541

Note: The Role IDs listed above are helpful guides; the course may cover additional roles.



Mandatory Training: No