Framework: NIST 800-53 Audio Course
Episodes
Welcome to the NIST 800-53 Audio Course
20 Oct 2025
Contributed by Lukas
Episode 147 — Spotlight: Physical Access Control (PE-3)
20 Oct 2025
Contributed by Lukas
Physical Access Control (PE-3) translates least privilege into the built environment by governing who may enter facilities, rooms, and cages that host...
Episode 146 — Spotlight: Risk Management Strategy (PM-9)
20 Oct 2025
Contributed by Lukas
Risk Management Strategy (PM-9) defines how an organization articulates risk appetite, tolerance, priorities, and decision rules so that security and ...
Episode 145 — Spotlight: System Security and Privacy Plans (PL-2)
20 Oct 2025
Contributed by Lukas
System Security and Privacy Plans (PL-2) define how security and privacy controls are implemented, documented, and maintained for each system. For exa...
Episode 144 — Spotlight: Authority to Process Personally Identifiable Information (PT-2)
20 Oct 2025
Contributed by Lukas
Authority to Process Personally Identifiable Information (PT-2) requires organizations to establish and document legal, regulatory, and policy bases f...
Episode 143 — Spotlight: Personnel Screening (PS-3)
20 Oct 2025
Contributed by Lukas
Personnel Screening (PS-3) ensures that individuals with system access undergo appropriate background investigations before being granted authorizatio...
Episode 142 — Spotlight: Media Sanitization (MP-6)
20 Oct 2025
Contributed by Lukas
Media Sanitization (MP-6) ensures that storage media containing sensitive information are properly cleared, purged, or destroyed before reuse or dispo...
Episode 141 — Spotlight: Controlled Maintenance (MA-2)
20 Oct 2025
Contributed by Lukas
Controlled Maintenance (MA-2) ensures that all maintenance activities—routine, preventive, or emergency—are performed under defined, authorized, a...
Episode 140 — Spotlight: Awareness Training (AT-2)
20 Oct 2025
Contributed by Lukas
Awareness Training (AT-2) ensures that personnel understand security and privacy responsibilities commensurate with their roles and the organization’...
Episode 139 — Spotlight: Supply Chain Risk Management Plan (SR-2)
20 Oct 2025
Contributed by Lukas
Supply Chain Risk Management Plan (SR-2) establishes how organizations identify, assess, and mitigate risks arising from suppliers, service providers,...
Episode 138 — Spotlight: Component Authenticity (SR-11)
20 Oct 2025
Contributed by Lukas
Component Authenticity (SR-11) focuses on verifying that hardware, software, and firmware components are genuine, unaltered, and obtained from trusted...
Episode 137 — Spotlight: Supplier Assessments (SR-6)
20 Oct 2025
Contributed by Lukas
Supplier Assessments (SR-6) verify that external vendors and service providers meet security and privacy requirements before and during their engageme...
Episode 136 — Spotlight: Supply Chain Controls and Processes (SR-3)
20 Oct 2025
Contributed by Lukas
Supply Chain Controls and Processes (SR-3) ensure that products and services acquired or integrated into an organization’s environment meet establis...
Episode 135 — Spotlight: Authorization (CA-6)
20 Oct 2025
Contributed by Lukas
Authorization (CA-6) is the formal, risk-based decision that a system may operate within defined conditions, made by an authorizing official who accep...
Episode 134 — Spotlight: Continuous Monitoring (CA-7)
20 Oct 2025
Contributed by Lukas
Continuous Monitoring (CA-7) sustains assurance between assessments by collecting, analyzing, and acting on security-relevant data with defined cadenc...
Episode 133 — Spotlight: Plan of Action and Milestones (CA-5)
20 Oct 2025
Contributed by Lukas
Plan of Action and Milestones (CA-5) is the enterprise ledger for weaknesses, corrective actions, and accountability. For the exam, understand that CA...
Episode 132 — Spotlight: Control Assessments (CA-2)
20 Oct 2025
Contributed by Lukas
Control Assessments (CA-2) verify that implemented safeguards function as intended and achieve their stated objectives. For exam readiness, recognize ...
Episode 131 — Spotlight: System Recovery and Reconstitution (CP-10)
20 Oct 2025
Contributed by Lukas
System Recovery and Reconstitution (CP-10) ensures that after a disruption—malware outbreak, data corruption, hardware failure, or site loss—syste...
Episode 130 — Spotlight: Contingency Plan Testing (CP-4)
20 Oct 2025
Contributed by Lukas
Contingency Plan Testing (CP-4) ensures that the organization’s recovery strategies and procedures are validated through realistic, periodic exercis...
Episode 129 — Spotlight: System Backup (CP-9)
20 Oct 2025
Contributed by Lukas
System Backup (CP-9) ensures that critical information, configurations, and software are copied and stored securely to enable rapid recovery after dat...
Episode 128 — Spotlight: Contingency Plan (CP-2)
20 Oct 2025
Contributed by Lukas
Contingency Plan (CP-2) requires organizations to establish, maintain, and test documented procedures for restoring essential operations following dis...
Episode 127 — Spotlight: Error Handling (SI-11)
20 Oct 2025
Contributed by Lukas
Error Handling (SI-11) ensures that systems process and report errors securely, preventing the leakage of sensitive information or system details that...
Episode 126 — Spotlight: Spam Protection (SI-8)
20 Oct 2025
Contributed by Lukas
Spam Protection (SI-8) ensures organizations safeguard communication channels against unwanted, malicious, or deceptive messages that can disrupt oper...
Episode 125 — Spotlight: Malicious Code Protection (SI-3)
20 Oct 2025
Contributed by Lukas
Malicious Code Protection (SI-3) ensures that organizations deploy, update, and monitor mechanisms designed to detect, prevent, and remediate malware ...
Episode 124 — Spotlight: Information Input Validation (SI-10)
20 Oct 2025
Contributed by Lukas
Information Input Validation (SI-10) requires systems to verify that all incoming data is correct, complete, and in the expected format before process...
Episode 123 — Spotlight: Software, Firmware, and Information Integrity (SI-7)
20 Oct 2025
Contributed by Lukas
Software, Firmware, and Information Integrity (SI-7) ensures that system components and data remain trustworthy throughout their lifecycle. For the ex...
Episode 122 — Spotlight: System Monitoring (SI-4)
20 Oct 2025
Contributed by Lukas
System Monitoring (SI-4) provides the visibility necessary to detect, analyze, and respond to security-relevant events across networks and systems. Fo...
Episode 121 — Spotlight: Flaw Remediation (SI-2)
20 Oct 2025
Contributed by Lukas
Flaw Remediation (SI-2) ensures that software and system vulnerabilities are identified, prioritized, and corrected in a timely and verifiable manner....
Episode 120 — Spotlight: Denial-of-Service Protection (SC-5)
20 Oct 2025
Contributed by Lukas
Denial-of-Service Protection (SC-5) requires organizations to anticipate and withstand attempts to degrade or exhaust system resources, whether throug...
Episode 119 — Spotlight: Public Key Infrastructure Certificates (SC-17)
20 Oct 2025
Contributed by Lukas
Public Key Infrastructure Certificates (SC-17) governs the issuance, management, and validation of digital certificates that anchor trust for users, s...
Episode 118 — Spotlight: Session Authenticity (SC-23)
20 Oct 2025
Contributed by Lukas
Session Authenticity (SC-23) ensures that once a user or service is authenticated, the resulting session remains bound to that identity, protected fro...
Episode 117 — Spotlight: Protection of Information at Rest (SC-28)
20 Oct 2025
Contributed by Lukas
Protection of Information at Rest (SC-28) mandates that stored data remain confidential and tamper-evident wherever it resides—primary storage, back...
Episode 116 — Spotlight: Cryptographic Protection (SC-13)
20 Oct 2025
Contributed by Lukas
Cryptographic Protection (SC-13) requires organizations to protect the confidentiality and integrity of information through approved cryptographic mec...
Episode 115 — Spotlight: Cryptographic Key Establishment and Management (SC-12)
20 Oct 2025
Contributed by Lukas
Cryptographic Key Establishment and Management (SC-12) ensures that encryption keys are generated, distributed, stored, and retired securely throughou...
Episode 114 — Spotlight: Transmission Confidentiality and Integrity (SC-8)
20 Oct 2025
Contributed by Lukas
Transmission Confidentiality and Integrity (SC-8) safeguards information as it travels across networks by preventing unauthorized disclosure or modifi...
Episode 113 — Spotlight: Boundary Protection (SC-7)
20 Oct 2025
Contributed by Lukas
Boundary Protection (SC-7) governs how networks, systems, and data flows are isolated and controlled to prevent unauthorized access or leakage. For ex...
Episode 112 — Spotlight: Unsupported System Components (SA-22)
20 Oct 2025
Contributed by Lukas
Unsupported System Components (SA-22) addresses the risk of operating hardware or software that vendors no longer support. For the exam, candidates mu...
Episode 111 — Spotlight: External System Services (SA-9)
20 Oct 2025
Contributed by Lukas
External System Services (SA-9) ensures that when organizations rely on external providers—such as cloud platforms, SaaS applications, or managed se...
Episode 110 — Spotlight: Developer Testing and Evaluation (SA-11)
20 Oct 2025
Contributed by Lukas
Developer Testing and Evaluation (SA-11) requires that software be verified through systematic testing to uncover defects and security weaknesses befo...
Episode 109 — Spotlight: Security and Privacy Engineering Principles (SA-8)
20 Oct 2025
Contributed by Lukas
Security and Privacy Engineering Principles (SA-8) codify design tenets that make systems trustworthy by default rather than retrofitted after deploym...
Episode 108 — Spotlight: Criticality Analysis (RA-9)
20 Oct 2025
Contributed by Lukas
Criticality Analysis (RA-9) identifies the components, services, and data flows whose compromise would create disproportionate harm, enabling focused ...
Episode 107 — Spotlight: Security Categorization (RA-2)
20 Oct 2025
Contributed by Lukas
Security Categorization (RA-2) anchors the entire control selection process by determining the potential impact of a loss of confidentiality, integrit...
Episode 106 — Spotlight: Vulnerability Monitoring and Scanning (RA-5)
20 Oct 2025
Contributed by Lukas
Vulnerability Monitoring and Scanning (RA-5) ensures organizations continuously identify weaknesses in systems, applications, and configurations befor...
Episode 105 — Spotlight: Risk Assessment (RA-3)
20 Oct 2025
Contributed by Lukas
Risk Assessment (RA-3) defines how organizations identify threats, vulnerabilities, and potential impacts to determine the likelihood and magnitude of...
Episode 104 — Spotlight: Information Spillage Response (IR-9)
20 Oct 2025
Contributed by Lukas
Information Spillage Response (IR-9) focuses on detecting, containing, and remediating incidents where classified, controlled, or otherwise sensitive ...
Episode 103 — Spotlight: Incident Response Plan (IR-8)
20 Oct 2025
Contributed by Lukas
Incident Response Plan (IR-8) ensures that organizations maintain a documented, tested, and updated plan guiding all activities related to incident ma...
Episode 102 — Spotlight: Incident Reporting (IR-6)
20 Oct 2025
Contributed by Lukas
Incident Reporting (IR-6) ensures that detected security incidents are promptly communicated to appropriate parties so that response and oversight occ...
Episode 101 — Spotlight: Incident Handling (IR-4)
20 Oct 2025
Contributed by Lukas
Incident Handling (IR-4) defines how organizations detect, analyze, contain, eradicate, and recover from security incidents in a structured and repeat...
Episode 100 — Spotlight: Least Functionality (CM-7)
20 Oct 2025
Contributed by Lukas
Least Functionality (CM-7) requires systems to provide only the capabilities essential to mission needs, removing or disabling unnecessary services, f...
Episode 98 — Spotlight: Configuration Change Control (CM-3)
20 Oct 2025
Contributed by Lukas
Configuration Change Control (CM-3) governs how proposed modifications to systems and baselines are evaluated, approved, implemented, and recorded. Fo...
Episode 97 — Spotlight: Baseline Configuration (CM-2)
20 Oct 2025
Contributed by Lukas
Baseline Configuration (CM-2) establishes the approved, secure starting point for systems and components, defining the specific settings, versions, an...
Episode 96 — Spotlight: Audit Record Retention (AU-11)
20 Oct 2025
Contributed by Lukas
Audit Record Retention (AU-11) specifies how long organizations must keep audit logs and related records so they remain available for investigations, ...
Episode 95 — Spotlight: Protection of Audit Information (AU-9)
20 Oct 2025
Contributed by Lukas
Protection of Audit Information (AU-9) ensures that collected logs and audit data remain complete, accurate, and tamper-resistant. For exam readiness,...
Episode 94 — Spotlight: Audit Record Review, Analysis, and Reporting (AU-6)
20 Oct 2025
Contributed by Lukas
Audit Record Review, Analysis, and Reporting (AU-6) focuses on how organizations interpret and act upon the logs collected under AU-2. For exam purpos...
Episode 93 — Spotlight: Event Logging (AU-2)
20 Oct 2025
Contributed by Lukas
Event Logging (AU-2) defines which system activities must be recorded to support accountability, detection, and analysis. For exam readiness, candidat...
Episode 92 — Spotlight: Identifier Management (IA-4)
20 Oct 2025
Contributed by Lukas
Identifier Management (IA-4) establishes rules for creating, assigning, and maintaining unique identifiers for all users, devices, and processes that ...
Episode 91 — Spotlight: Non-Organizational User Authentication (IA-8)
20 Oct 2025
Contributed by Lukas
Non-Organizational User Authentication (IA-8) ensures that external users—such as partners, contractors, and customers—are verified before accessi...
Episode 90 — Spotlight: Authenticator Management (IA-5)
20 Oct 2025
Contributed by Lukas
Authenticator Management (IA-5) ensures that credentials—passwords, tokens, keys, or certificates—are created, stored, distributed, and revoked se...
Episode 89 — Spotlight: Identification and Authentication (Organizational Users) (IA-2)
20 Oct 2025
Contributed by Lukas
Identification and Authentication (IA-2) establishes the foundation of trust by ensuring that only verified users gain access to organizational system...
Episode 88 — Spotlight: Least Privilege (AC-6)
20 Oct 2025
Contributed by Lukas
Least Privilege (AC-6) enforces that users and processes operate with the minimum access necessary to perform assigned duties. For exam preparation, c...
Episode 87 — Spotlight: Separation of Duties (AC-5)
20 Oct 2025
Contributed by Lukas
Separation of Duties (AC-5) prevents fraud, error, and unauthorized activity by dividing critical functions among different individuals or roles. On t...
Episode 86 — Spotlight: Access Enforcement (AC-3)
20 Oct 2025
Contributed by Lukas
Access Enforcement (AC-3) defines how authorized permissions are technically applied once accounts are approved. For exam purposes, this control ensur...
Episode 85 — Spotlight: Account Management (AC-2)
20 Oct 2025
Contributed by Lukas
Account Management (AC-2) governs the creation, use, modification, and termination of system accounts. For...
Episode 84 — Personally Identifiable Information Processing and Transparency — Part Three: Evidence, notices, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence for PII processing controls demonstrates that privacy obligations are implemented and verifiable. For the exam, candidates should know that s...
Episode 83 — Personally Identifiable Information Processing and Transparency — Part Two: Processing, minimization, and consent patterns
20 Oct 2025
Contributed by Lukas
Processing personally identifiable information responsibly means handling data only for legitimate, documented purposes. For exam readiness, candidate...
Episode 82 — Personally Identifiable Information Processing and Transparency — Part One: Purpose, scope, and responsibilities
20 Oct 2025
Contributed by Lukas
Personally identifiable information, or PII, requires special protection because it links data to individuals, creating privacy and reputational risks...
Episode 81 — Personnel Security — Part Three: Evidence, sanctions, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence for personnel security validates that screening, agreements, and access management are conducted according to policy. For exam purposes, cand...
Episode 80 — Personnel Security — Part Two: Screening, agreements, and access lifecycle
20 Oct 2025
Contributed by Lukas
Personnel screening and access management form the operational heart of personnel security. For exam readiness, candidates should understand how pre-e...
Episode 79 — Personnel Security — Part One: Purpose, scope, and roles
20 Oct 2025
Contributed by Lukas
Personnel security ensures that individuals granted system access are trustworthy and that risks from human factors are managed systematically. Within...
Episode 78 — Program Management — Part Three: Evidence, metrics, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence for program management demonstrates that strategic oversight, funding, and governance occur as planned. For the exam, candidates should ident...
Episode 77 — Program Management — Part Two: Governance rhythms and portfolios
20 Oct 2025
Contributed by Lukas
Governance rhythms give structure to program management by defining how often performance is reviewed, decisions are made, and adjustments are impleme...
Episode 76 — Program Management — Part One: Strategy, roles, and alignment
20 Oct 2025
Contributed by Lukas
Program management within NIST 800-53 defines how an organization builds and sustains a coordinated security and privacy program that aligns with miss...
Episode 75 — Planning — Part Three: Evidence and common pitfalls
20 Oct 2025
Contributed by Lukas
Evidence in planning demonstrates that documentation accurately reflects system implementation and governance practice. For exam purposes, candidates ...
Episode 74 — Planning — Part Two: Plan structure, updates, and integration
20 Oct 2025
Contributed by Lukas
Plan structure provides the scaffolding that keeps documentation consistent and auditable across systems. For the exam, candidates must recognize that...
Episode 73 — Planning — Part One: Purpose, scope, and artifacts
20 Oct 2025
Contributed by Lukas
Planning in NIST 800-53 establishes how security and privacy programs are documented, organized, and maintained. For exam purposes, candidates should ...
Episode 72 — Physical and Environmental Protection — Part Three: Evidence, logs, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence of physical and environmental protection verifies that access and monitoring controls function consistently. For exam readiness, candidates s...
Episode 71 — Physical and Environmental Protection — Part Two: Access control and monitoring patterns
20 Oct 2025
Contributed by Lukas
Physical access control extends logical security principles into the built environment. For exam preparation, candidates must understand how layers of...
Episode 70 — Physical and Environmental Protection — Part One: Purpose, scope, and boundaries
20 Oct 2025
Contributed by Lukas
Physical and environmental protection in NIST 800-53 safeguards facilities, equipment, and supporting infrastructure so that logical controls can oper...
Episode 69 — Media Protection — Part Three: Evidence, chain of custody, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence in media protection demonstrates that handling rules were followed and that sensitive content remained controlled throughout its lifecycle. F...
Episode 68 — Media Protection — Part Two: Storage, transport, and destruction patterns
20 Oct 2025
Contributed by Lukas
Storage patterns for sensitive media combine physical control with cryptographic safeguards. On the exam, be ready to explain how locked rooms, safes,...
Episode 67 — Media Protection — Part One: Purpose, scope, and handling basics
20 Oct 2025
Contributed by Lukas
Media protection in NIST 800-53 safeguards information recorded on physical and logical media across its lifecycle—creation, use, storage, transport...
Episode 66 — Maintenance — Part Three: Evidence, approvals, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence for maintenance controls in NIST 800-53 proves that servicing actions were authorized, executed within guardrails, and verified after complet...
Episode 65 — Maintenance — Part Two: Local and remote maintenance patterns
20 Oct 2025
Contributed by Lukas
Maintenance activities occur in two primary contexts—local and remote—each carrying distinct security implications. For exam preparation, candidat...
Episode 64 — Maintenance — Part One: Purpose, scope, and guardrails
20 Oct 2025
Contributed by Lukas
The maintenance control family in NIST 800-53 governs how systems are serviced, updated, and repaired while preserving security and privacy. For exam ...
Episode 63 — Awareness and Training — Part Three: Evidence, coverage, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence for awareness and training proves that the organization’s workforce received, understood, and applied security guidance. For exam purposes,...
Episode 62 — Awareness and Training — Part Two: Implementation patterns and delivery
20 Oct 2025
Contributed by Lukas
Implementing awareness and training requires combining instructional design principles with operational discipline. For exam readiness, candidates sho...
Episode 61 — Awareness and Training — Part One: Purpose, scope, and audiences
20 Oct 2025
Contributed by Lukas
Awareness and training under NIST 800-53 ensure that every individual with system access understands their security responsibilities and possesses the...
Episode 60 — Supply Chain Risk Management — Part Four: Advanced topics and metrics
20 Oct 2025
Contributed by Lukas
Advanced supply chain programs treat dependency risk as a quantifiable, continuously monitored portfolio. For exam readiness, understand how metrics e...
Episode 59 — Supply Chain Risk Management — Part Three: Evidence, approvals, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence in the supply chain domain must show that components are authentic, code is untampered, and providers are meeting obligations over time. For ...
Episode 58 — Supply Chain Risk Management — Part Two: Supplier controls and assurance patterns
20 Oct 2025
Contributed by Lukas
Supplier controls translate expectations into operating rules that suppliers must follow and prove. For exam preparation, understand the assurance pat...
Episode 57 — Supply Chain Risk Management — Part One: Purpose, scope, and outcomes
20 Oct 2025
Contributed by Lukas
Supply chain risk management in NIST 800-53 addresses the reality that modern systems depend on providers, components, and services outside direct org...
Episode 56 — Assessment, Authorization, and Monitoring — Part Four: Advanced topics and metrics
20 Oct 2025
Contributed by Lukas
Advanced practices in assessment, authorization, and monitoring focus on compressing the time between change and assurance while preserving evidence q...
Episode 55 — Assessment, Authorization, and Monitoring — Part Three: Evidence, POA&M, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence in the AAM process substantiates that control testing, authorization, and remediation are properly executed. Candidates should recognize that...
Episode 54 — Assessment, Authorization, and Monitoring — Part Two: Assessment practices and monitoring
20 Oct 2025
Contributed by Lukas
Assessment practices within NIST 800-53 define how controls are tested, reviewed, and scored. For exam readiness, candidates should understand the rol...
Episode 53 — Assessment, Authorization, and Monitoring — Part One: Purpose, scope, and outcomes
20 Oct 2025
Contributed by Lukas
Assessment, authorization, and monitoring (often referred to collectively as AAM) form the governance framework for verifying and maintaining syst...
Episode 52 — System and Services Acquisition — Part Four: Advanced topics and metrics
20 Oct 2025
Contributed by Lukas
Advanced acquisition management applies continuous assurance and data-driven oversight to supplier relationships. For exam purposes, candidates should...
Episode 51 — System and Services Acquisition — Part Three: Evidence, contract hooks, and pitfalls
20 Oct 2025
Contributed by Lukas
Evidence in system and services acquisition demonstrates that suppliers have met agreed security and privacy obligations throughout the lifecycle. For...
Episode 50 — System and Services Acquisition — Part Two: Security engineering and supplier controls
20 Oct 2025
Contributed by Lukas
Security engineering integrates protection principles into product and service design, ensuring risks are mitigated before deployment. Under NIST 800-...
Episode 49 — System and Services Acquisition — Part One: Purpose, scope, and sourcing options
20 Oct 2025
Contributed by Lukas
System and services acquisition ensures that cybersecurity requirements are embedded from the start of procurement and development. NIST 800-53 positi...
Episode 48 — Contingency Planning — Part Four: Advanced topics and metrics
20 Oct 2025
Contributed by Lukas
Advanced contingency planning merges automation, analytics, and integrated resilience design. For exam purposes, candidates should understand how metr...