Risk and Vulnerability Assessment (RVA) Training

Collect data through on-site assessments to provide an organization with actionable remediation recommendations prioritized by risk. 

Completion of this course does NOT authorize participants to perform RVA assessments on behalf of CISA.

Part of a U.S. Cybersecurity and Infrastructure Security Agency (CISA) initiative intended to lead the national effort to understand and manage cyber and physical risk to critical infrastructure.

• Assesses organization's alignment with applicable information security benchmarks by conducting collaborative and independent operational testing and assessments.
• Provides customer organizations with an understanding of their operational cybersecurity risk and posture and provides DHS with vital situational awareness.
• Delivers the RVA Assessment Final Report.

Operator (OP)

Prerequisites

Operator Candidates should be mid to senior level penetration testers. This course does not teach basic penetration testing and students should come to the class with experience testing applications, networks, and cloud environments. At least one industry recognized penetration testing certification is recommended.

Learning Objective (LO)

• LO1: Program Background
• LO2: Pre-Assessment
• LO3: Assessment
• LO4: Assessment Offering
• LO5: Reporting on Findings
• LO6: Findings Repository
• LO7: Post Assessment
• LO8: Policies and Procedures
• LO9: Capstone Overview Pt. 1
• LO10: Capstone Overview Pt. 2
• LO11: Report Outbrief Demo