FITSI

FITSP-Auditor

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, Management, and more!

Course Overview

The FITSP Auditor certification validates the knowledge and skills of Federal employees and contractors against Federal standards and practices. The 5-day training course explores the six main domains and eighteen IT security topics in the Federal Body of Knowledge (FBK).

The six main domains in the Federal Body of Knowledge are:

  • NIST Special Publications
  • NIST Federal Information Processing Standards
  • NIST Control Families
  • Government Laws and Regulations
  • NIST Risk Management Framework
  • NIST Interagency Reports

Schedule

Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.


Not seeing a good fit?

Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.


Program Level

Advanced

Training Delivery Methods

Group Live

Duration

5 Days / 32 hours Training

CPE credits

26 NASBA CPE Credits

Field of Study

Information Technology

Advanced Prep

N/A

Course Registration

Candidates can choose to register for the course via any of the below methods:

Upon registration completion, candidates are sent an automated course registration email that includes attachments with specific information on the class and location as well as pre-course study and test preparation material approved by the course vendor. The text of the email contains a registration confirmation as well as the location, date, time and contact person of the class.

Online enrolment closes three days before course start date.

On the first day of class, candidates are provided with instructions to register with the exam provider before the exam date.

Complaint Resolution Policy

To view our complete Complaint Resolution Policy, please click here: Complaint Resolution Policy

Refunds and Cancellations

To view our complete Refund and Cancellation policy, please click here: Refund and Cancellation Policy

Course Outline

Access Control

  • Access
  • Access authority
  • Access control
  • Access control list
  • Account management
  • Access enforcement
  • Authorization
  • Brute force
  • Concurrent session control
  • Discretionary Access Control (DAC)
  • Information flow enforcement
  • Least privilege
  • Mandatory Access Control (MAC)
  • Permitted actions
  • Previous login notification
  • Role Based Access Control (RBAC)
  • Security attributes
  • Separation of duties
  • Session lock
  • Session termination
  • System use notification
  • Unsuccessful login attempt

Audit and Accountability

  • Accountability
  • Auditable event
  • Audit
  • Audit analysis
  • Audit data
  • Audit generation
  • Audit policy
  • Audit record retention
  • Audit reduction tool
  • Audit report
  • Audit reduction
  • Audit review
  • Audit trail
  • Audit storage capacity
  • Audit failure response
  • Contents of audit record
  • Monitoring for information disclosure
  • Non-repudiation
  • Protection of audit information
  • Session audit
  • Time stamps

Awareness and Training

  • Awareness (information security)
  • Behavioral outcome
  • Certification
  • Computer-Based Training (CBT)
  • Curriculum
  • Education (information security)
  • End user security training
  • Information sharing
  • Instructional Systems Design (ISD)
  • Instructor-Led Training (ILT)
  • IT security awareness
  • IT security awareness and training program
  • IT security education
  • IT security training program
  • Learning Management System (LMS)
  • Learning objectives
  • Needs assessment (IT security)
  • Role-based training
  • Testing
  • Training (information security)
  • Training assessment
  • Training effectiveness
  • Training effectiveness evaluation
  • Web-Based Training (WBT)

Configuration Management

  • Access restriction for change
  • Baseline configuration
  • Configuration management plan
  • Configuration management policy
  • Configuration setting
  • Federal desktop core configuration
  • Least functionality
  • Security checklist
  • Security impact analysis

Contingency Planning

  • Alternate processing/storage site
  • Backup strategy
  • Business continuity plan
  • Business impact analysis
  • Business recovery plan
  • Call tree
  • Cold site
  • Contingency plan
  • Contingency plan policy
  • Contingency plan training
  • Contingency plan testing
  • Continuity of operations plan
  • Continuity of support plan
  • Crisis communication
  • Cyber incident response
  • Delegation of authority
  • Disaster recovery plan
  • Disruption
  • Essential functions
  • Hot site
  • Information technology
  • Interoperable communications
  • Mission assurance
  • Occupant emergency plan
  • Order of succession
  • Preparedness/readiness
  • Reconstitution
  • Recovery
  • Risk mitigation
  • Standard operating procedures
  • Telecommunications services
  • Threat environment
  • Vital records and databases
  • Warm site

Identification and Authentication

  • Authenticate
  • Authentication
  • Authentication mechanism
  • Authentication mode
  • Authentication protocol
  • Authentication token
  • Authenticator management
  • Authenticity
  • Biometric
  • Biometric system
  • Biometric information
  • Device authentication
  • Device identification
  • Digital certificate
  • Certificate policy
  • Certificate Revocation List (CRL)
  • Certification authority
  • Claimant
  • Credential
  • Cryptographic module authentication
  • Electronic authentication
  • Identification
  • Identifier management
  • Mutual authentication

Incident Response

  • Attack signature
  • Computer forensics
  • Computer security incident
  • Computer security incident response team
  • Computer security
  • Escalation procedures
  • Honey Pot
  • Incident handling
  • Incident monitoring
  • Incident records
  • Incident reporting
  • Incident response assistance
  • Incident response plan
  • Incident response policy
  • Incident response testing
  • Incident response training
  • Intrusion
  • Intrusion prevention system
  • Intrusion detection system
  • Measures
  • Personally Identifiable Information (PII)
  • Reconstitution of System
  • Security alerts
  • Security incident
  • System compromise
  • Threat motivation
  • Unauthorized access
  • Vulnerability

Maintenance

  • Antivirus software
  • Backup
  • Baseline
  • Configuration management
  • Controlled maintenance
  • Insider threat
  • Maintenance tools
  • Maintenance personnel
  • Non-local maintenance
  • Patch management
  • Penetration testing
  • Security data analysis
  • Security measures
  • Security reporting
  • Security hardening
  • System logs
  • System maintenance policy
  • System monitoring
  • Threat analysis
  • Threat monitoring
  • Timely maintenance
  • Vulnerability analysis

Media Protection

  • Degaussing
  • Media access
  • Media destruction
  • Media marking
  • Media protection policy
  • Media storage
  • Media transport
  • Sanitization

Personnel Security

  • Access agreement
  • Background checks
  • Background investigation
  • Confidentiality
  • Digital identity
  • Human resources
  • Insider threat
  • Job rotation
  • Nondisclosure agreement
  • Position categorization
  • Position sensitivity
  • Personnel sanctions
  • Personnel security policy
  • Personnel screening
  • Personnel termination
  • Personnel transfer
  • Security breach
  • Security clearance
  • Separation of duties
  • Social engineering
  • Special Background Investigation (SBI)
  • Suitability determination
  • Third-party personnel security

Physical and Environmental Protection

  • Access cards
  • Access control
  • Access control for output devices
  • Access control for transmission medium
  • Access records
  • Alarm
  • Alternate work site
  • Asset disposal
  • Biometrics
  • Defense-in-Depth
  • Delivery and removal
  • Emergency lighting
  • Emergency power
  • Environmental threat
  • Fire protection
  • Information leakage
  • Inventory
  • Location of information system components
  • Man-made threat
  • Monitoring physical access
  • Natural threat
  • Perimeter defense
  • Physical and environmental policy
  • Physical access authorization
  • Physical access control
  • Power equipment and power cabling
  • Risk management
  • Temperature and humidity control
  • Threat and vulnerability assessment
  • Video surveillance
  • Visitor control
  • Water damage protection

Planning

  • Privacy impact assessment
  • Rules of behavior
  • Security planning policy
  • Security planning procedures
  • Security related activity planning
  • System security plan

Program Management

  • Critical infrastructure plan
  • Enterprise architecture
  • Information security measures of performance
  • Information security program plan
  • Information security resources
  • Information system inventory
  • Mission/business process definition
  • Security authorization process
  • Senior information security officer
  • Plan of action and milestone process
  • Risk management strategy

Risk Assessment

  • Acceptable risk
  • Assessment
  • Asset valuation
  • Business impact analysis
  • Controls
  • Impact
  • Inside threat
  • Likelihood determination
  • National Vulnerability Database
  • Qualitative
  • Quantitative
  • Risk
  • Risk assessment
  • Risk assessment policy
  • Risk avoidance
  • Risk level
  • Risk limitation
  • Risk management
  • Risk matrix
  • Risk mitigation
  • Risk research
  • Risk scale
  • Risk transference
  • Security categorization
  • Security controls
  • Security measures
  • Threat
  • Threat and vulnerability
  • Threat modeling
  • Types of risk
  • Vulnerability
  • Vulnerability scanning

Security Assessment and Authorization

  • Assessment method
  • Assessment procedure
  • Authorization (to operate)
  • Authorization boundary
  • Authorize process
  • Authorizing official
  • Designated representative
  • Dynamic subsystem
  • Common control provider
  • Common control
  • Compensating control
  • Complex information system
  • Continuous monitoring
  • Cost effective
  • Critical control
  • External subsystems
  • Hybrid security control
  • Information owner/steward
  • Information system boundary
  • Information system owner
  • Information system security engineer
  • Information type
  • Interconnection agreement
  • Net-centric architecture
  • Plan of Action and Milestones (POAM)
  • Reciprocity
  • Risk executive
  • Security control assessor
  • Senior information security officer
  • Tailored security control baseline
  • Volatile control

System and Communications Protection

  • Application partitioning
  • Boundary protection
  • Collaborative computing devices
  • Communications security
  • Configuration
  • Covert channel analysis
  • Cryptographic key establishment
  • Cryptographic key management
  • Defense-in-Depth
  • Denial of service protection
  • Emission security
  • Encryption technologies
  • Fail in known state
  • Firewall
  • Heterogeneity
  • Honey pots
  • Hub
  • Information in shared resources
  • Information system partitioning
  • Intrusion detection system
  • Intrusion prevention systems
  • Load balancers
  • Mobile code
  • Network architecture
  • Network disconnect
  • Networking models and protocols
  • Network segmentation
  • Non-modifiable executable programs
  • Penetration testing
  • Port
  • Protection of information at rest
  • Public access protections
  • Public Key Infrastructure Certificates
  • Resource priority
  • Router
  • Secure name resolution
  • Security function isolation
  • Security trust
  • Session authenticity
  • Switch
  • System and communications protection policy
  • Telecommunications technology
  • Thin nodes
  • Transmission confidentiality
  • Transmission of security attributes
  • Transmission integrity
  • Transmission preparation integrity
  • Trusted path
  • Use of cryptography
  • Virtual Private Network (VPN)
  • VOIP
  • Virtualization techniques
  • Vulnerability
  • Web services security
  • Wired and wireless networks

System and Information Integrity

  • Agent
  • Antivirus software
  • Application
  • Application content filtering
  • Blended attack
  • Boot sector virus
  • Buffer overflow
  • Computer virus
  • Error handling
  • Flaw remediation
  • Information input restrictions
  • Information input validation
  • Information output handling and retention
  • Information system monitoring
  • Macro virus
  • Malicious code protection
  • Predictable failure prevention
  • Security alerts, advisories, and directives
  • Security functionality verification
  • Spam protection
  • Software and information integrity
  • System and information integrity policy

System and Services Acquisition

  • Acquisitions
  • Allocation of resources
  • Business impact analysis
  • Contract
  • Cost-benefit analysis
  • Critical information system components
  • Developer configuration management
  • Developer security testing
  • Disposal
  • External information system services
  • Information system documentation
  • Life cycle support
  • Prequalification
  • Regulatory compliance
  • Request for information
  • Request for Proposal (RFP)
  • Risk analysis
  • Risk-based decision
  • Risk mitigation
  • Security engineering principles
  • Security requirements
  • Service Level Agreement (SLA)
  • System and services acquisition policy
  • Software usage restrictions
  • Solicitation
  • Supply chain protection
  • Statement of Objectives (SOO)
  • Statement of Work (SOW)
  • Total Cost of Ownership (TCO)
  • Trustworthiness
  • User installed software

FITSP Auditor Exam

Exam Details

  • Number of Questions – 150
  • Duration – 3 Hours
  • Format – multiple choice
  • Delivery – computer-based

FITSP Auditor Certification FAQs

Who is the FITSP Auditor course for?

This course is intended for IT auditors who review and analyze information systems within the U.S. Federal government system. Ideal candidates are Federal employees and contractors with the following job roles:
– Assessors
– External IT auditors
– Evaluators
– Internal IT auditors
– Reviewers
– Risk/vulnerability analysts

Are there requirements to take the FITSP Auditor Certification training?

It is recommended that candidates have at least 5 years of general information system security experience in the public or private sector before attending this course.

Does the Auditor certification focus on areas different than the other FITSP certifications?

All four FITSP certification exams cover the same six main domains found in the Federal Body of Knowledge (FBK). The exam for each of the four roles tests a different set of themes, publications, and focus areas relevant to that job role.


Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
