505 - Vulnerability Assessments (VA)

Course Description

This course provides an overview of the Vulnerability Assessment (VA) process within the GC. It describes one approach to VA and provides insight into the different types of VA. Upon completion, participants should be able to manage a VA process and use that knowledge to assess their department’s security posture.


  • Describe how VA fits into IT security risk management and the departmental security program
  • Describe the VA methodology approach used by the GC
  • Compare different types of VAs
  • Interpret information from VA reporting to support departmental IT security risk management


2 days

Target Audience

Project/Program managers, IT Security designers, architects, engineers and managers, ITSCs.

Recommended Prior Learning

Courses 101, 105 

Resources and Related Learning

NIST Publications

  • Special Publications:
    • An Introduction to Computer Security: The NIST Handbook (Special Publication 800-12)
    • Risk Management Guide for Information Technology Systems (Special Publication 800-30)
    • Recommended Security Controls for Federal IT Systems (Special Publication 800-53) (Draft)
    • Guideline on Network Security Testing (Special Publication 800-42)
    • Technical Guide to Information Security Testing and Assessment (Special Publication 800-115)
    • Security Considerations in the System Development Life Cycle (Special Publication 800-64)
  • National Vulnerability Database
  • National Checklist Program Repository

Public Publications

