Implementing NIST Cybersecurity Framework

Course Description:

Many enterprises lack an approach that integrates cybersecurity standards and enterprise governance of I&T (EGIT) to establish systematic—yet flexible and achievable—governance and management objectives, processes and capability levels to make measured improvements toward cybersecurity goals.

The NIST Cybersecurity Framework (CSF) was initially created to support critical infrastructure providers and continues to evolve based on continuous feedback from diverse stakeholders and use cases. Today, the CSF is a useful guide to help any enterprise address its cyber risk.

This course is focused on the NIST CSF, its goals, implementation steps, and the ability to apply this information in an organization’s environment. The course and exam are for individuals who have a basic understanding of both COBIT 2019 and security concepts, and who are involved in improving and/or building the cybersecurity program for their enterprises.

At the conclusion of this course, attendees will be able to:

  • Describe the key concepts of COBIT 2019 as taught in the COBIT Foundation course.
  • Identify the goals of the Cybersecurity Framework (CSF).
  • Align company cybersecurity efforts to the CSF.
  • Identify each of the seven CSF implementation steps.
  • Apply and evaluate the implementation steps using COBIT 2019.
  • Define Executive Order 13636.
  • Identify the relationship between COBIT 2019 and CSF steps and activities.
  • Identify the benefits of applying the framework.
  • Outline the framework implementation information flow.
  • Identify the steps aligned to COBIT Principles.
  • Define CSF Components.
  • Determine the appropriate scope and tier for the organization.
  • Complete a profile.
  • Complete an action plan.
  • Review an action plan.
  • Determine whether the program delivered against expectations.

Who Should Attend? 

This course is intended for individuals with a basic understanding of COBIT 2019 and security concepts who are also involved in improving the cybersecurity program for their own organization or outside organizations.

Prerequisites: Successful completion of the COBIT 2019 Foundation Exam or COBIT 2019 Bridge Exam.

Duration: 2 Days / 14 Hours


Syllabus area title

  • Introduction; COBIT 2019 Review
  • Overview to the CSF
  • CSF Structure
  • Phase 1 (Step 1: Prioritize and Scope)
  • Phase 2 (Step 2: Orient & Step 3: Create a Current Profile)
  • Phase 3 (Step 4: Conduct a Risk Assessment & Step 5: Create a Target Profile)
  • Phase 4 (Step 6: Determine, Analyze, and Prioritize Gaps)
  • Phase 5 (Step 7: Implement Action Plan)
  • Phase 6 (CSF Action Plan Review)
  • Phase 7 (CSF Life Cycle Management) & Summary

Exam Format

The Implementing the NIST Cybersecurity Framework Using COBIT 2019 exam is designed to test the candidate’s knowledge of the framework as opposed to memorization. The exam must be registered for and scheduled directly with ISACA:

  • Online proctored exam
  • 50 multiple choice questions
  • Closed-book
  • One correct answer for each question, using four choices (A, B, C or D)
  • 90-minute duration
  • Passing score is 65%, or 33 correct answers out of 50