Assessment Evaluation and Standardization Program
Important Notice about the AES Training Program
The Assessment Evaluation and Standardization (AES) Program is changing its virtual training course registration and delivery processes for certain courses, and we want you to be the first to know!
What does this mean for you?
You will follow a new registration process if you are enrolled in the following courses.
- High Value Asset (HVA)
- Risk and Vulnerability Assessment (RVA)
What if I have already registered for a course?
Your registration is confirmed if you have already passed your prerequisites and enrolled in one of the remaining FY24 AES courses, listed below.
What are the details of the new AES virtual training course delivery process?
- All AES virtual courses will be delivered via Microsoft Teams.
- Please read the details below regarding the new registration process.
- All course materials will be delivered to each student in an email from the AES program in advance of the course start date.
Important! Download all materials for use during class.
- The course instructor will provide students with any additional course information.
- You will receive emails with links to the AES Code of Ethics and Compliance, the AES Capstone Exam, and the AES Course Feedback Survey.
- AES will grade all capstone exams and final reports, then notify students of their results.
- AES will email a course certificate of qualification to all students who successfully pass both parts of the capstone exam.
- AES will email a Did-Not-Pass message with follow-up information to all students who do not pass their course.
What is the new AES virtual training course registration process?
- To request a place in an AES course, email AEStraining@hq.dhs.gov, In your message, identify the course date and role, and your email address.
- AES emails your registration confirmation with course instructions.
What are the remaining AES fy24 virtual training courses?
As a reminder, the new processes are in effect for the remaining AES FY24 virtual training courses.
- May 6 – 10, 2024
- HVA Non-Tier 1
- June 3 – 7, 2024
- HVA Non-Tier 1
- June 10 – 14, 2024
- RVA
Thank you for your continued interest in and support of the AES program. We look forward to seeing you soon in one of our training courses.
The role and mission of the Assessment Evaluation and Standardization (AES) program is to increase the quality and quantity of cyber professionals who can execute CISA cyber assessments.
Training assessors to conduct CISA standard Cyber Risk Assessment methodologies is a major step in setting up an ecosystem that is critical to the success of performing cyber assessments, and in providing national-level data views that drive initiatives to reduce risk.
The approach assists all .GOV and .MIL and critical Infrastructure to include SLTT, Public, and Private Organizations.
The AES program accomplishes this mission by:
- producing a federal, and private sector, workforce of prepared and qualified assessors.
- ensuring that assessors have the knowledge and skills necessary to conduct assessments according to the CISA standards and methodologies.
- confirming that assessment results are of high quality, consistent, and repeatable.
AES Program Overview
AES has created a detailed video overview of the AES program. We strongly encourage all prospective students review this video to learn more about the AES program, prerequisites, and qualification requirements.
AES Training Process
Each student in the AES program will follow the steps below based on AES role and course to become an AES qualified assessor.
AES Training Courses
Cybersecurity Performance Goals (CPG) Course
Evaluates whether a minimum baseline of cybersecurity technologies and practices are implemented in Information Technology (IT) and Operational Technology (OT) environments in small- and medium-sized organizations.
Cyber Resilience Review (CRR) Course
Evaluates operational resilience and cybersecurity practices through an interview-based assessment.
By signing up for the CRR the student is registering for both the CRR and EDM courses taught in the same week
External Dependencies Management (EDM) Course
Evaluates management of external dependencies through an interview-based assessment.
By signing up for the EDM the student is registering for both the CRR and EDM courses taught in the same week.
High Value Assets (HVA) Course
Evaluates the HVA security architecture to identify potential risks from technical concerns (for non-Tier 1 HVAs only)
Risk and Vulnerability Assessment (RVA) Course
Evaluates on-site data and national threats and vulnerabilities to identify potential exploitation of network security controls
Validated Architecture Design Review (VADR) Course
Evaluates systems, networks, and security services to determine their reliability and resiliency of design, construction, and operation
Incident Management Review (IMR) Course
Evaluates the processes used to identify and analyze events, declare incidents, determine a response, and improve an organization’s incident management capability
Contact
To ask a question or provide other feedback on AES training, contact us at AEStraining@hq.dhs.gov