The Differences between the Three eMASS Training Courses
March 31, 2016
No matter what role you hold in the Risk Management Framework (RMF) process, you need to understand how to use eMASS. This post breaks down the differences between each course and hopefully makes the process of choosing the right one a little easier.
Who actually could benefit from eMASS training?
eMASS training is designed for anyone who uses or directly manages users of eMASS. These students typically fall in one of the following RMF roles:
- Head of Agency
- Risk Executive (Function)
- Chief Information Officer (CIO)
- Information Owner/Steward
- Senior Information Security Officer (ISO)
- Authorizing Official
- Authorizing Official Designated Representative
- Common Control Provider
- Information System Owner
- Information System Security Officer
- Information Security Architect
- Information System Security Engineer
- Security Control Assessor
Need more information about what eMASS is? Then head to our blog post by the eMASS curriculum developer and trainer, Josh Burnett!
What are the differences between the direct-user, workshop and manager’s overview courses?
eMASS Direct User Training
This is the most in-depth eMASS training currently on the market. One big difference between this course and the others is that it can only be delivered privately at an approved facility. In order to access the test version of eMASS required to perform this class’ labs, the facility must meet a number of network and security requirements. This is also the only eMASS training course that involves extensive hands-on work in a sandbox version of eMASS.
This course examines each role of eMASS and how to use its assigned tools properly. The course works well when combined with either RMF or (ISC)² CAP training.
Frankly put, this is the training you take if you can’t meet the facility requirements needed to schedule an eMASS Direct User course. There is really nothing different in terms of the lecture part of this course in comparison to the one above. You miss out on the two days of labs.
However, don’t feel discouraged about missing the labs because you still receive the same lab manual that Direct User students receive. You will need to work the labs on your own time at a computer with eMASS access.
Similar to the Direct User option, this training works well when combined with either RMF or (ISC)² CAP training.
eMASS Manager’s Overview
While managers definitely get a ton of value out of either user-level course, they often don’t have the time to commit to several days of training. The Manager’s Overview course solves that problem by providing a condensed training that still reviews all of the eMASS roles and tools that need to be used. It covers roughly the amount of time needed to execute various tasks within eMASS.
This provides managers with a greater sense of their employees’ workloads and allows them to create more realistic deadlines. It enables managers to eliminates the opportunity that an employee might pad the actual amount of time needed to perform any given task (not that any employee would really do something like that).
Time permitting, this course works great when combined with CISO, CISA or CISM training.