FITSP-Manager

The Federal IT Security Professional - Manager (FITSP-M) certification, offered by the Federal IT Security Institute (FITSI), is a role-based credential designed for those who manage IT security programs within, or on behalf of, the United States Federal Government.

Unlike generalist certifications such as the CISSP, the FITSP-M focuses strictly on the Federal Body of Knowledge (FBK): the specific statutes, regulations, and standards (NIST publications, FIPS, and FISMA among them) that govern how federal information systems are secured.

FITSP-Manager Exam Domains

Structured around the Federal Body of Knowledge (FBK)

1. NIST Special Publications (SPs) This domain covers the "800 series" of documents, such as NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) and NIST SP 800-30 (Guide for Conducting Risk Assessments).

2. NIST Federal Information Processing Standards (FIPS) This domain focuses on FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) and FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems). Both are mandatory for federal systems under FISMA, and together they drive the impact categorization (low, moderate, high) that determines which SP 800-53 control baseline a system must meet.

3. NIST Control Families This is a deep dive into the 20 control families defined in NIST SP 800-53 Revision 5. As a manager, you must understand how to oversee the selection, implementation, and evaluation of management, operational, and technical controls across these families (e.g., Access Control, Incident Response, and System and Information Integrity).

4. Governmental Laws and Regulations This covers the legal mandates that drive federal IT security. Key topics include the Federal Information Security Modernization Act (FISMA), OMB Circular A-130, and various Presidential Executive Orders.

5. NIST Risk Management Framework (RMF) This domain focuses on the 7 steps of the RMF (Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor) as outlined in NIST SP 800-37.

6. NIST Interagency Reports (NISTIRs) This domain covers supplemental research and technical guidance provided by NIST.