• Home
  • NCSP® 800-53 Specialist

NCSP® 800-53 Specialist

    Upcoming Events

Please contact Deep Creek Center for information on scheduling a course.
Course Length
5 days
Credits Earned
35 ISACA/ CompTIA CEU credits
This course guides students on the best approach to adapt, implement, and operate (AIO) a cybersecurity program that integrates into existing organizational capabilities incorporating NIST 800-53. NCSP® Practitioner level status is a pre-requisite for NCSP® Specialist course attendance.

Accredited through APMG International, listed as qualified cyber training by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) in the United States, and certified in the United Kingdom by the National Cyber Security Centre (NCSC), the NCSP® training program teaches individuals and organizations how to engineer, operate and continually improve a NIST Cyber Security Risk Management Program.

The NCSP® 800-53 Specialist looks at the impact of adapting a principled approach to an enterprise risk management framework to better support cybersecurity decisions within the context of the NIST 800-53 informative reference. 

What You Will Accomplish

  • Learn how the NCSP helps you align cybersecurity risk with organizational governance, provide effective assurance, and integrate into your organization’s Service Value Management System
  • Define key Goals, Questions, and Metrics for each of your control families to optimize your capabilities
  • Prioritize investments to maximize positive impact
  • Learn how to use the FastTrack model to implement your cybersecurity risk program using the NIST 800-53 control families

Who Should Attend

Risk Managers, Security Managers, CISOs, all IT staff with security management and/or audit responsibilities, business leadership with responsibility for security practices and assurance.

Course Introduction

The NCSP Specialist program guides students on the best approach to adapt, implement, and operate (AIO) a comprehensive cybersecurity program that integrates into existing organizational capabilities incorporating NIST 800-53 control families.

The course introduces the integration of typical enterprise capabilities with cybersecurity from the perspective of the NIST 800-53 informative reference. The overall approach places these activities into systems thinking context by introducing the Service Value Management System composed of three aspects, governance, assurance, and the Z-X Model. With this in place, the course presents the approach to adapt, implement, operate & improve the organizational cybersecurity posture that builds on the application of the FastTrack™ presented in the NCSP® Practitioner course.


The class includes lectures, informative supplemental reference materials, workshops, and a formal examination - workshops are a critical aspect of the course and develop examinable material.

Outcomes and benefits from this class provide a practical approach that students can use to build and maintain a cybersecurity and cyber-risk management programs to support the NIST 800-53 informative reference.

On completion of the NCSP® Specialist 800-53 course, delegates will be prepared to take the associated NCSP® Specialist 800-53 exam.

Course Outline

Course Introduction Introduces the course and its content, followed by a lesson that sets the stage for the rest of the material. Lessons in this chapter include:
  • Course Organization
  • Setting the Stage
Managing Risks in the Digital Age Introduces students to enterprise risk management and the Enterprise Risk Management Principles. Lessons in this chapter include:
  • Enterprise Risk Management Frameworks
  • Risk Management Framework Overview
  • Enterprise Risk Management Framework Applied
  • Z-X Model Overview
Cybersecurity within a System Introduces systems thinking and the Service Value Management System (SVMS) that includes the Z-X Model. Lessons in this chapter include:
  • The importance of Systems Thinking
  • Governance & Culture and Strategy & Objectives
  • Service Value Management System
  • Z-X Model Overview
Z-X Model Capabilities Probes the details of the Z-X Model and the relationship to existing organizational capabilities. Lessons in the chapter include:
  • Z-X Model Plan
  • Z-X Model Design
  • Z-X Model Build & Deploy
  • Z-X Model Operate & Improve
Adapt Introduces the first part of AIO, Adapt that introduces the Goal Question Metric approach to develop appropriate metrics for the cybersecurity implementation. Lessons in this chapter include:
  • Overview of AIO
  • Cybersecurity Adopt & Adapt
  • Adapt in the Context of the Z-X Model
  • Preparations to Implement
  • Project Approach w/GQM
  • Metrics, Measurement & Balance
Implement Covers the "I" in AIO. It presents the implementation of the selected cybersecurity informative references using the same phased approach introduced in the NCSP® Practitioner (and NCSP® Bootcamp) course. Lessons in this chapter include:
  • Implementation Principles
  • Phase 0
  • Phase 1
  • Phase 2
  • Phase 3
  • Additional Controls
Operate & Improve Covers the last aspect of AIO (Operate). Lessons in this chapter include:
  • Operate and Improve
  • Deliver Value & Integrate
  • Ongoing Improvement


Please contact Deep Creek Center for information.
It is only a solution if it produces the desired results.

Deep Creek is pleased to deliver these programs through Cybersecurity Professionals, Ltd., the official Accredited Training Organization for the NIST Cyber Security Professional program.