ICCB - Bethesda

The National Counterintelligence and Security Center provides effective leadership and support to the counterintelligence and security activities of the US Intelligence Community, the US Government, and US private sector entities who are at risk of intelligence collection or attack by foreign adversaries.

NCSC Mission
Classroom Course Descriptions

General Information


  •  Contractors must provide on-site government support and have their Government Supervisor or COTR email ONCIX-Training@dni.gov with concurrence for attendance at time of registration; they will be added to the general wait list for the course(s) requested.
  •  Clearance Information – You will receive notification on passing your clearances in your welcome packet approximately one month prior.
  •  Courses may have students from our Commonwealth Partner Countries; contact us if this may impact your attendance.
  •  Our courses are not certification courses for DSS.

  ATTENDANCE POLICY: Students are required to attend all scheduled days of training. Classes will begin promptly at 8:00 am, so please make sure you are familiar with the course location and that you arrive on time.

  Privacy Notice:
  The information you provide enables the NCIX Training and Assistance Group (TAG) to process your request to participate in a course. It also enables TAG to respond to your inquiries regarding course completion and academic transcripts, should you require such information at a future time. Records are maintained by course title and date of delivery. No other use is made of information contained in registrants’ course request forms. The emergency contact information you provide will be maintained securely and deleted upon course completion.

DNI/NCIX ICD 503 IT Systems Security Risk Management, Assessment & Authorization for the Intelligence Community Course

  PURPOSE: This course is designed for Information System Security and Information Assurance Professionals responsible for implementing and assessing security policies, practices, procedures and technologies. The course will cover implementation and conduct of Intelligence Community (IC) information systems assessment, authorization, risk management and continuous monitoring in accordance with ICD 503. We will provide students with new methods and approaches to assessing and authorizing IT systems within the Intelligence Community. The course will deliver applicable national security level guidelines and methodologies with specific focus on IC Standards, plans, methods, processes, and templates. You will become familiar with IC 503 templates and processes through case studies and exercises.

  LENGTH: 4 days / 8:00 – 4:30

  TARGET: Federal government civilians, military personnel, State, Local and Tribal governments, Commonwealth Partners and government contractors who are directly involved in the assessment and authorization of IC information systems in accordance with ICD 503 and associated IC Standards. The subject matter areas addressed in the seminar (ICD 503) are:

  •  System Categorization
  •  Security Controls and Assessment
  •  Risk Assessment
  •  System Authorization
  •  Continuous Monitoring
  •  Protection of IT equipment and media

  MATERIALS: This course is taught at the UNCLASSIFIED level.


  •  Knowledge of ICD 503, ‘Information Technology Systems Security Risk Management, Certification, and Accreditation’;
  •  Experience and/or knowledge of DCID 6/3, JFAN 6/3 or DIACAP;
  •  Understanding of IT networks, systems, terminology and System Development Life Cycle (SDLC)
  •  Familiarization with NIST Special Publication 800-37 Revision 1, ‘Guide for Applying the Risk Management Framework to Federal Information Systems’, CNSSI 1253, and NIST SP 800-53 Revision 3, SP 800-39, SP 800-30.

DNI/NCIX ICD 704 Personnel Security Course

  PURPOSE: This course prepares you to make adjudicative decisions consistent with ICD 704 requirements. We will present approaches to enhance best practices and reciprocity across the Intelligence Community and DoD organizations authorized to grant access and adjudicate for Sensitive Compartmented Information. We will explain the adjudication process and identify what should be considered to upgrade an individual to another clearance and/or access level. This is also an excellent seminar for security professionals who want to better understand the process behind adjudication decisions.

  LENGTH: 5 days / 8:00 – 4:30 (8:00 – 12:30 on Friday)

  TARGET: Personnel performing background checks, clearance upgrades and adjudications. This course is also appropriate to enhance knowledge of the well-rounded career security professional.


  •  SECRET clearance
  •  Please review ICD 704 prior to attending course.

DNI/NCIX ICD 705 Physical Security Course

  PURPOSE: The ICD 705 Physical Security Course: Lifecycle of A SCIF will prepare you to implement the requirements of the new ICD 705 series documents (ICD 705; ICS 705-1; ICS 705-2 and the ICD 705 Technical Specifications). The course is designed using a SCIF lifecycle theme:

  •  Phase I: Threat Definition and Planning
  •  Phase II: Preliminary Construction Planning
  •  Phase III: Design and Construction Requirements
  •  Phase IV: Accreditation
  •  Phase V: SCIF Operations and Management
  •  Phase VI: Disposal of a SCIF

  The course stresses comprehension and construction best practices and application of the ICD 705 series documents. The course ends with an Intelligence Community (IC) Forum. The forum is comprised of senior leaders, accreditors and inspectors from across the IC.

  LENGTH: 5 days / 8:00 – 4:30 (8:00 – 12:30 on Friday)

  TARGET: Federal government civilians, military personnel and government contractors responsible for the physical planning and implementation of SCI and SAP facilities.

  MATERIALS: UNCLASSIFIED w/classified discussions


  •  SECRET clearance
  •  Please review the following documents prior to course attendance:
       •  IC Directive 705, Sensitive Compartmented Information Facilities (SCIFs)
       •  IC Standard 705-1, Physical and Technical Standards for SCIFs
       •  IC Standard 705-2, Standards for Accreditation and Reciprocal Use of SCIFs

DNI/NCIX Special Security Officer Course (SSOC)

  PURPOSE: Prepare security professionals who administer SCI programs. We will familiarize you with security ICDs and SCI policies and compartments. We use practical implementation exercises to give hands-on experience. The topics include:

  •  Structure of Intelligence Community
  •  Security Incidents and Investigations
  •  Business and Security Interfaces
  •  Security Awareness, Training, and Education Programs
  •  Special Access Programs
  •  Physical Security (ICD 705)
  •  Personnel Security (ICD 704)
  •  Information Systems Security (ICD 503)

  LENGTH: 5 days / 8:00 – 4:30 (8:00 – 12:30 on Friday)

  TARGET: Security professionals who administer all aspects of SCI programs


  •  Secret Clearance
  •  Recommended that they have 2-5 years security experience

DNI/NCIX Principles of Establishing and Operating an Insider Threat Program Course

  PURPOSE: This is a revised course that consolidates the Establish and Operate an Insider Threat course and the Principles of Hub Operations course and is designed to expose Insider Threat personnel to current issues and perspectives that prepare them to establish their Insider Threat Programs and operate their Insider Threat Hub. This course contains practical implementation exercises to give hands-on experience. The class is divided into teams with an assigned instructor/facilitator for individual attention. The topics include:

  •  How to meet the requirements of EO 13587, which directs US Government executive branch departments and agencies to establish, implement, monitor, and report on effectiveness of insider threat programs to protect classified national security information.
  •  Identify your agency’s gaps in CI and security
  •  Do a mock Risk Assessment for your Agency
  •  Drafting your Implementation Plan
  •  Drafting an Insider Threat Program Policy
  •  Insider Threat Program Hub
  •  Hub Functions
  •  Manual/Auto Aggregation of Data Sources
  •  Case Management
  •  Inquiries
  •  Responses and Referrals
  •  Hearing “Voices from the Field” and how they worked to get their programs running. This will give you a practical view of what that looks like in a budget constrained environment.
  •  Capstone Exercise

  LENGTH: 3 days / 8:00 – 4:30

  TARGET: Insider Threat Personnel and/or designated officials


  PREREQ: Insider Threat Program Manager/Senior Official must send e-mail concurrence to ONCIX-Training@dni.gov for participant(s) enrollment at time of registration.


  •  Understand the requirements of the Executive Order
  •  Gain information, recommendations, and ideas on how these may be satisfied
  •  Build or be introduced to draft products required by the EO:
       a) Risk Analysis
       b) Implementation Plan and Policy
       c) Insider Threat Awareness Training for the Workforce
  •  Understand the requirements of Hub Operations
  •  Describe the Hub Functions required to gather information, recommendations, and ideas that support the Insider Threat Program.
  •  Identify the activities and requirements of:
       a) User Activity Monitoring
       b) Manual/Auto Aggregation of Data Sources
       c) Case Management
       d) Inquiries, Responses, and Referrals
       e) Reporting
  •  Case Studies and Practical Exercises to Reinforce Learning

DNI/NCIX Name Trace Workshop

  PURPOSE: To expose counterintelligence and security professionals to available national level databases and resources for screening and vetting foreign nationals. During the workshop, participants will receive a current foreign intelligence collection threat briefing; a Department of Homeland Security (DHS) Foreign Access Management (FAM) program briefing; an FBI National Name Check Program briefing; and briefings from other applicable national level resources. There will also be live demonstrations using the Business Risk Analysis Clearinghouse (BRANCH) tool and other intelligence community applications.

  LENGTH: 1 day, 8:00 – 4:00 (with an hour break for lunch)

  TARGET: New or junior investigators, analysts, security officers, and adjudicators assigned to counterintelligence or security programs


  PREREQ.: None


  •  List key national and community name trace databases
  •  List available resources to validate a foreign national’s identity
  •  Perform the basic mechanics of a name trace
  •  Define the meaning of “no record on file” type responses
  •  Explain the value of conducting name traces and vetting foreign nationals
  •  Case Studies and Practical Exercises to Reinforce Learning

DNI/NCIX Mid-Level Security Professional Seminar (MSPS)

  PURPOSE: Expose mid-level security officers to security issues and perspectives that prepare them for positions of greater responsibility in the security profession. The MSPS is the middle step in a three-level comprehensive training development hierarchy for IC Security Professionals. The MSPS contains practical implementation exercises to give hands-on experience. The class is divided into teams with an assigned instructor/facilitator for individual attention. The topics include:

  •  Security Challenges Ahead
  •  Security from Multiple Perspectives
  •  IC Security Policy: Changes and Current Trends
  •  Analytical Risk Management (Mid-Level)
  •  Supervisory Growth and Management Challenges
  •  Leading an Effective Security Organization
  •  Information Systems Security in Transition
  •  Physical and Technical Security in Transition
  •  Personnel Security Today
  •  Achieving Excellence in Security Management
  •  Being a Security Leader of Integrity
  •  Communicating Security for Success
  •  Decision Making for the Security Manager
  •  Making the Most of Your Security Career

  LENGTH: 5 days / 8:00 – 4:30 (8:00 – 12:30 on Friday)

  TARGET: Security Managers who administer all aspects of SCI programs

  MATERIALS: UNCLASSIFIED w/classified discussions


  •  Attendees must have TS/SCI and 5-10 years security experience/GS11-GS13

DNI/NCIX Senior Security Professional Seminar (SSPS)

  PURPOSE: Expose the “next generation” of security managers and leaders to community best practices and provide a resource for developing effective program managers and leaders. Best practices and management philosophies will be woven throughout the seminar. We will engage participants in highly interactive discussions with top-notch security practitioners as presenters and facilitators. Exercises are utilized throughout the week to emphasize learning points and facilitate discussions. Each day will have a primary focus discussing principles in managing complex and integrated security programs. The topics include:

  •  Launching Leadership in Security
  •  Conflict Resolution
  •  Building a Successful Security Program
  •  Workplace Violence Tools for Security
  •  Motivation by Communicating Security Message
  •  Decision Making for Today’s Security Professional
  •  Foundations of a CI Profession
  •  Security Hot Topics
  •  Spotlight Panel (security leaders from different IC agencies)
  •  Keynote guest speakers from different IC agencies

  LENGTH: 5 days: begins on Sunday at 4pm and concludes Friday noon (must stay on-site)

  TARGET: Security professionals and managers

  COST: You are responsible for per diem for accommodations and meals


  PREREQ.: Government Personnel Only, GS 14-15 or equivalent with minimum 10 years security experience
  Requires an emailed letter of recommendation from organizational supervisor to dni-ssc-training@dni.gov


DNI/NCIX Sensitive Compartmented Information (SCI) Overview Seminar

  The courses below are currently being converted into Web-based training. Consideration will be made to hold a course live on-site by request, with a minimum of 75 participants. Contact ONCIX-Training@dni.gov for more information.


  Module 1 – Welcome to Intelligence Community (IC) Security: A thorough SCI security exposure for recently SCI-approved personnel, or for those that do not handle SCI as part of their daily work lives. The session allows you to walk away with a solid security foundation and an understanding of your responsibilities. It provides basic knowledge needed to protect classified activities, procedures, systems, and facilities.

  Module 2 – Intelligence Community Security Today: Highlight key security points from Module 1, and provide a greater focus on changes within security in a post 9/11 world. This session is useful as a refresher for security practitioners, and as an update of current security changes.

  Module 3 – Classification Management: Provide a general understanding of classification management and how to properly mark documents. This session explains the basic elements of classification management, what we are protecting and how to do it. You will be briefed on safeguarding procedures, the basic elements of E.O. 12958, derivative classification authorities and we conclude with a classification exercise.

  Module 4 – Unauthorized Disclosures: Explains problems surrounding unauthorized disclosures and provides security officers the tools to effectively respond to issues of unauthorized disclosures. You will be briefed on the laws and will gain insight into damage done by unauthorized disclosures. We will also explain responsibilities and requirements under ICD 701.

  Module 5 – Living Within a Sensitive Compartmented Information Facility (SCIF): Expose attendees to principles and practices for the protection and management of information within the confines of a SCIF. A basic overview of access control, escorting visitors, how the SCIF is constructed, how to store information, and general policies that govern SCIFs and those that work in them. There will be an overview regarding SCI materials as well as classification management and how to ensure information stored within the SCIF is managed correctly. The course will include interactive discussions and exercises to emphasize learning points and facilitate discussions.

  LENGTH: Modules 1, 2, 3, 4 = 3 hours each. Module 5 = 7 hours. Modules are stand-alone. If selecting Modules 1-4, please select at least 2 modules.

  TARGET: Federal government civilians, military personnel and government contractors with responsibility for briefing newly SCI-cleared personnel. Also may be used for newly SCI-accessed personnel or for an annual refresher briefing.

  MATERIALS: UNCLASSIFIED w/classified discussions

  •  Attendees must have TS for #1,2,5.

DNI/NCIX Establishing and Operating an Insider Threat Detection Program

  PURPOSE: The Defensive Counterintelligence (CI) Program for Federal Partners Course equips you with the tools and abilities to establish or enhance a Defensive CI Program (DCIP) within your agency. We will provide approaches and best practices to enhance your abilities to provide threat briefings and de-briefings. You will learn how to develop a Defensive CI Program by blending counterintelligence concepts with security protocols.

  LENGTH: 3 days / 8:00 – 4:30 (first day 7:30 – 4:00)

  TARGET AUDIENCE: Federal government employees or contractors assigned defensive CI or security responsibilities (analysts, investigators, adjudicators, and other related career fields)

  MATERIALS: Unclassified w/classified discussions

  PREREQ: SECRET Security Clearance

