NIST Cybersecurity Framework Learning Path

Get ready to explore the NIST Cybersecurity Framework learning path, where we peek behind the curtain of NIST cybersecurity fundamentals. Learn about the industry-recognized framework for improving infrastructure cybersecurity.

5 hours, 42 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    5 hours, 42 minutes

  • Assessment


About NIST Cybersecurity Framework

Our NIST Cybersecurity Framework learning path begins by building a robust foundation with the basics of cybersecurity. We break down the complexities of the Cybersecurity Framework components, get up close with the Risk Management Framework (RMF) and learn how its principles affect information systems and organizations. Explore how to navigate the RMF process and become a master of managing risk — identifying, assessing and responding to it like a true cybersecurity expert. Look at how organizations assess their cybersecurity risks and take steps to implement or enhance their cybersecurity program.

Explore the five Framework Core Functions by diving into their categories, subcategories and references. Discover the art of self-assessment in cybersecurity risk — an essential tool for any organization's cyber toolbox — then walk through the seven-step process to create a brand-new cybersecurity program or strengthen an existing one. Complete your journey with a NIST Cybersecurity Framework project and skill assessment, where you have the chance to showcase your newly acquired NIST Cybersecurity Framework knowledge.

Who is this learning path for?

  • Cybersecurity Beginners: Break into the cybersecurity field with this foundational learning path, providing an industry-recognized framework to understand and manage cybersecurity risk.
  • Current IT and cybersecurity professionals: Whether you’re a SOC Analyst or a Security Architect, use this learning path to formalize your knowledge and potentially move into more NIST cybersecurity specializations.
  • Information Risk Analysts: Risk officers or managers can find this path beneficial to understand the cybersecurity aspect of organizational risk and learn a structured approach to managing it.
  • Privacy Managers: Professionals responsible for ensuring compliance with cybersecurity regulations and standards will find the NIST framework knowledge valuable.
  • Security Managers: Business owners, executives or decision-makers can benefit from understanding the NIST Cybersecurity Framework to guide their organization's cybersecurity strategy and risk management process.

By the end of this learning path, you will:

  • Understand cybersecurity basics, including information security concepts, legal/governmental guidelines, CSF roadmap and the C.I.A. cybersecurity fundamentals triad — confidentiality, integrity and availability
  • Understand the CSF components and the seven-step CSF process
  • Master risk management and frameworks
  • Have knowledge of the NIST CSF, including the functional areas, categories, sub-categories and informative references
  • Be able to assess an organization’s cybersecurity risk and either implement or improve a cybersecurity program



NIST Cyber Security Framework Skill Assessment

Assessment - 18 questions

NIST Cybersecurity Basics

Course - 00:47:00

The NIST Cybersecurity Framework (CSF) contains terminology and concepts that may be expressed in specific ways and differ from what you are used to dealing with in your normal operations. This course will help you to build a basic understanding of security fundamentals used throughout the industry, such as the CIA triad. Additionally, there are some aspects of the framework that are contained throughout all discussion of the topics in this course.
Cybersecurity Framework Components

Course - 00:24:00

The Cybersecurity Framework, being a risk-based approach for managing cybersecurity risk, is composed of three parts: the Framework Core, the four Framework Implementation Tiers and the Framework Profiles. Each Framework component reinforces the connection between business and mission drivers and cybersecurity activities.
Risk Management

Course - 00:36:00

Risk management is the ongoing process of identifying, assessing and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the potential resulting impacts. In this course, we discuss the RMF process and managing risk by identifying, assessing and responding to risk.
Cybersecurity Framework Core Functions

Course - 01:01:00

The Core Functions are a listing of categories, subcategories and informative references that describe specific cybersecurity activities that are common across all critical infrastructure sectors and are not intended to form a serial path or lead to a static desired end state.
Cybersecurity Framework Self-Assessments

Course - 00:13:00

The Cybersecurity Framework is designed to reduce risk by improving the management of cybersecurity risk to organizational objectives. This course describes the importance of having a clear understanding of the organizational objectives, the relationship between those objectives and supportive cybersecurity outcomes, and how those discrete cybersecurity outcomes are implemented and managed.
The 7-Step Cybersecurity Framework Process

Course - 00:09:00

The Cybersecurity Framework is designed to complement existing business and cybersecurity operations. This course outlines the steps an organization can use to compare their current cybersecurity activities with those outlined in the CSF Core through the creation of profiles to determine if the organization has opportunities to (or needs to) improve.
NIST Cybersecurity Framework Summary & Tips

Course - 00:11:00

Wrap up your study of the NIST Cybersecurity Framework with this course providing a full summary and tips for further improvement.

Meet the author

Ross Casanova

Mr. Casanova has extensive experience in leadership, project management, intelligence analysis and training development. As a program manager, he helped build the CSRA pipeline of new opportunities, including developing winning proposals for more than $100 million in new business. He served the intelligence community in various roles and retired from the United States Army after 20+ years of service. He has over twenty years of experience as a technical trainer.

Certifications held: CISSP, Security+ce, CEH, CCSP, NSA-IAM, GIAC, CCSK, CIRM, SMSP, Infosec Certified Instructor, ISC2 Certified CISSP Instructor, Ultimate Knowledge Institute Certified Instructor, ITIL® Foundation Certificate in IT Service Management (ITILv3-F).

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo