Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Course

High Value Assets Assessment 3.0 (HVA 3.0) Training

Format

Other

Delivery

On Demand

Location type

Virtual/Online

Related topics:

Cybersecurity Best Practices

Description

Assessment	High Value Asset 3.0 (HVA 3.0) Non-Tier 1 (NT1)
Purpose	Assess the HVA 3.0 security architecture to identify technical concerns that could expose the organization to risk.
Objectives	Part of CISA’s initiative intended to help government departments and agencies understand their operational resilience and ability to manage cyber risk to their HVAs. Assess an HVA’s security environment and organizational processes through interviews, artifact examination, and technical testing. Designed to help understand the HVA 3.0 security architecture, its resilience, and to provide recommendations for improvement. Most activities typically occur over a consecutive three-day period. Elapsed time may be five or six weeks, depending on report review turnaround. Key deliverable is the HVA 3.0 Assessment Final Report. An HVA 3.0 individual or team conducts each assessment. Individual HVA 3.0 assessors are trained or qualified for a particular role.
Roles	Assessment Lead (AL) and Technical Lead (TL) Prerequisites The HVA 3.0 assessment is an "expert driven" assessment that requires assessors to have a senior level of knowledge related to cybersecurity best practices. Technical Lead candidates should have prior experience as system administrators, cybersecurity engineers, or Information System Security Officers (ISSOs). Assessment Lead The AL is responsible for the overall preparation, execution, and post-execution stages of a CISA Assessment. The lead is the primary point of contact for the assessment team and will coordinate all assessment activities with the organization point of contact. The AL will schedule all assessment activities and ensure that appropriate Subject Matter Experts (SMEs) are available, and that technical access is granted to operators. The AL is responsible for ensuring all assessment artifacts are completed and delivered to the appropriate stakeholders at the conclusion of the assessment. Technical Lead The TL is the primary SME for the assessment team. The TL is responsible for facilitating the assessment and determining findings for the organization. Technical Leads should be experts in the technologies and industry standards of the assessment targets. The TL will analyze the results of the Technical Exchange Meeting and generate the assessment report.
Course Details	NT1 HVA3.0
Course Mode	Virtual/Online
Course Agenda	Learning Objective (LO) LO1: Program Background LO2: Roles and Responsibilities LO3: Planning LO4: Execution LO5: Technical Exchange Meeting (TEM) Domains Overview Post Execution Phase Final Report Creation Asset Security Identity and Access Management Configuration and Change Management Application Security Continuous Monitoring Vulnerability Management Incident Management Service Continuity Supply Chain Risk Management Risk, Threat, and Compliance Management Workforce Management Governance LO6: Post Execution Phase LO7: Final Report Creation LO8: Next Steps Qualification

Contact

If you encounter any issues, you may contact AESTraining@hq.dhs.gov for assistance.