Image
The DOE OCIO has developed role-based/core competency training modules to support DOE Cybersecurity staff and other employees charged with protecting DOE information assets. 

The courses listed below are available at the OnlineTraining Center (OLC) and are free of charge for all DOE Federal employees and contractors with current DOE OLC accounts. 

For OLC access questions, please contact energyolc@hq.doe.gov. To request a course CD, contact the OCIO CSAT team at cybsectrn@hq.doe.gov. 

Authorizing Officials (AO) and Authorizing Official Designated Representatives (AODR)

This course introduces AOs and AODRs to risk management concepts, the cybersecurity management structure, roles and responsibilities of the AO and AODR, key policy documents, DOE Risk Management Approach, NIST Risk Management Framework, and the system authorization/certification and accreditation process. 

Security Risk Management (SRM)

The SRM role-based module examines the DOE Risk Management Approach (RMA), the NIST Risk Management Framework (RMF), and Contractor Assurance Systems. This course emphasizes the shift toward a risk-based versus compliance-based approach and recognizes the importance of contractors in supporting DOE missions.  The target audience for this course includes AO/AODRs, Federal Site Managers, and Federal officials and contractors with responsibilities associated with cybersecurity program implementation. 

Supply Chain Risk Management (SCRM) for the Information Technology (IT) Professional

This course introduces the concepts, requirements, and responsibilities of Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) at DOE. The target audience for this course is DOE IT professionals.

System Authorization

The System Authorization course provides students with the knowledge required for system and application security, system authorization (formally Certification and Accreditation), and system testing and evaluation. The system authorization process directly correlates with the 6-step Risk Management Framework (RMF) documented in NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems:  A Security Life Cycle Approach, consistent with other Federal agencies. This course is recommended for system owners, and cyber professionals directly involved in designing, developing, procuring, implementing, or testing a Federal information system.