Umass

NISTCSF.COM Curriculum Catalog

UMass Lowell – NIST Cybersecurity Framework Controls Factory Model Certification Training Program

NISTCSF.COM inaugural program NCSF-CFM, was built in partnership with UMass Lowell (UML) a NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R). This innovative NIST cybersecurity training program was built around an NCSF Controls Factory™ (NCSF-CFM) model created by Larry Wilson, CISO in the university president’s office. The program was used to train the engineering, operations and business teams responsible for operationalizing the NIST Cybersecurity Framework Program across the university five campuses. The program has since been used by other universities and colleges throughout New England to do the same.

The UML NCSF-CFM certification training programs help organizations learn the knowledge, skills and abilities (KSA) to:

  • Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF) and other cybersecurity programs (GDPR etc.)
  • Create a Written Information Security Program (WISP) that will become policy for an organization or industry association
  • Engineer a solution to operationalize the WISP program across an enterprise and its supply chain using the UMass Lowell NCSF Controls Factory™ Model (NCSF-CFM)
  • Build and operate a Security Operations Center (SOC) to continuously monitor and respond to changes in the cybersecurity profile documented in the WISP
  • Conduct continuous Business Risk assessments to compare the current profile against the target profile (documented in the WISP) to identify any gaps that need to be addressed
  • Prepare for the Certification exams outlined in the NICE Cybersecurity Workforce Framework (NCWF)

The UML NCSF-CFM program and its author have won the following industry awards:

    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) nominee for Executive of the Year for North America, 2013
    • ISE North America Project Award Winner I for the Academic and Public-Sector Category, 2013
    • Security Magazine’s Most Influential People in Security, 2016

UMass Lowell Curriculum

Curriculum options for the UMass Lowell NCSF-CFM program are listed below. Curriculum can be delivered as part of a university degree or continuing education program.

  • NCSF-CFM Foundation Certification Training with Exam – 1 Day Program that can be delivered in an instructor led classroom or virtual classroom or as a self-paced mentored video training or blended learning program. The NCSF-CFM Foundation Course Datasheet & Outline can be found here
  • NCSF-CFM Practitioner Certification Training with Exam – 4 Day Program that can be delivered in an instructor led classroom or virtual classroom or as a self-paced mentored video training or blended learning program. The NCSF-CFM Practitioner Course Datasheet & Outline can be found here  
  • NCSF-CFM Boot Camp Certification Training with Exam – 5 day Boot Camp (Foundation + Practitioner) program that can be delivered in an instructor led classroom or virtual classroom or as a self-paced mentored video training or blended learning program with just one exam at the end
  • NICE Cybersecurity Workforce Framework (NCWF) Video Training Library – This video training library prepares candidates to sit for up to 200+ Information Technology, Information Security, IT Service Management, IT Project Management and Business Skill certification programs outlined in the NCWF. NCSF NICE Certification Training Library Datasheet and Outlines can be found here
  • NCSF-CFM Cybersecurity Operations Training Center (COTC) – UML has developed a Cybersecurity Operations Training Center (COTC) model that enables students to receive advanced training and hands on cybersecurity experience while delivering NIST Cybersecurity assessment, testing and continuous monitoring services to businesses and governments not capable of doing it themselves. Students who attend the UML program not only graduate with a degree but also with professional certification and hands-on experience.
  • NIST Cybersecurity Framework Oceans 99 Simulation/Gamification Program Training –  ½ Day Program Oceans 99 Course Datasheet & Outline can be found here