Industrial Control System
Cyber Security Institute

ICS Cyber Security Training Curriculum

Conducting Asset Inventories for US DoD Facility-Related Control Systems using the Army Methodology

Duration 3 days
Available Format(s) Live / Online
Who should attend  Personnel responsible for obtaining or maintaining ATO on ICS/FRCS
Prerequisites Fundamentals of Information and Operational Technology Systems
Network + (or equivalent)
Windows Fundamentals
Office Tools (Word, Excel) including Drawing (Visio) Packages
Linux Fundamentals
Hands-On Exercises / Labs Multiple
Expected Outcome (OPERATIONAL) Skills to perform asset inventory consisting of hardware/software inventories, network topology, and data flow diagramming
CEUs 24
Certification Ready None

This intermediate-level course is designed to provide a general overview of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Assessment and Authorization (A&A) process as defined in Special Publication (SP) 800-37 (Revision 2 published December 2018). A comprehensive logical and physical inventory of all system components is a fundamental activity necessary in preparing for, obtaining, and maintaining an Authority to Operate (ATO). This inventory will serve as an input to various tasks across that various steps of the RMF. Trainees are introduced to the RMF process, and how the activities are performed according to the Industrial Control System Methodology developed by the US Army Corp of Engineers.  Trainees will be shown how to perform the inventory using different tools, techniques and procedures based on the criticality of the system. They will also be exposed to the analysis of raw data and how it is used to develop common inventory deliverables. Trainees will plan to spend more than 50% of the course time working hands-on exercises, including time on the cyber test range to practice skills on a variety of legacy systems.

  • Introduction to the Risk Management Framework
    • RMF Process Overview
    • Steps and Tasks
    • Use of Asset Inventory throughout Process
  • Overview of Industrial/Facility-Related Control Systems
    • HQDA Executive Order 002-13
    • Functionality and Purpose
    • System Types
    • System Components
    • Vendors and Suppliers
  • Army Methodology for ICS Inventories
    • Inventory Levels and Tiers
    • Planning and Scheduling
    • Preparation
    • Execution
    • Close-Out
  • Data Collection
    • System Owners, Operators and Support
    • Logical Inventory
    • Physical Inventory
    • Host-based Collection
    • Centralized Collection
  • Data Analysis
    • Network-Connected Devices
    • Network Infrastructure
    • External Communications
    • Inter-System Operation and Dependencies
    • Security Incidents and Events
  • Deliverables and Reporting
    • Establishing the Authorization Boundary
    • Hardware Inventory
    • Software Inventory
    • Network Topology Diagram
    • Communication Data Flow Diagram
    • System Observations and Comments

Additional information on other courses offered as part of the curriculum can be viewed by selecting from the following list or the Quick Links located in the top righthand section of this page: