Validated Architecture Design Review (VADR) Training Pilot

On Demand
Location type


 We are excited to have you take part in the pilot course of Validated Architecture Design Review (VADR) training. Your feedback will be important to see if any adjustments need to be made to the class.

This training instructs AES assessors on how to conduct a VADR assessment according to CISA’s methodology process and procedures.

System Requirements: You will need access to speakers or headphones. You will also be using a Virtual Machine to analyze previously captured network traffic. As such, you’ll need to have VMWare Workstation or Player installed on your computer (free version downloadable here). The VM for the course is configured with a 20GB drive, 2 processors, 4GB of RAM, so your computer will need to have excess capability to support the VM.

Pilot Duration: The course is divided up into 4 sessions and is estimated to take a total of approximately 20 hours to complete. Each session does not need to be completed in one setting. As a self-paced course, you can break up the course to meet your schedule demands and resume where you left off. The pilot course will be available until December 15, 2023.

As a member of the pilot, please time yourself as you are taking the course and provide that time and any feedback in the end-of-course survey which will unlock after completion of the training module.

Throughout the pilot, please make note of any needed changes, recommendations, or difficulties that you experienced.   At the end of the course, you will be prompted to take an end-of-course survey where you can share your observations.

VADR Pilot Registration

To be enrolled in the VADR pilot, please use the VADR registration link on the AES website To enroll on your mobile device, please Click Here and scan the QR Code. Once you’re enrolled in the pilot, we will send you a confirmation email with the course link on the CISA VLP.



Validated Architecture Design Review (VADR) Pilot


Review architecture and design, system configuration, and log files, then analyze network traffic

  • to develop a detailed and sophisticated representation and analysis of the communications, flows, and relationships between devices
  • to identify anomalous and potentially suspicious  communication flows



  • Empowers assessors to evaluate Operational Technology systems within critical infrastructure networks for secure design and operational intent
  • Encompasses architecture and design review, system configuration and log file review, along with sophisticated analysis of network traffic
  • Develops a detailed representation of the communications, flows, and relationships between devices designed to identify anomalous, and potentially suspicious communication flows
  • Verifies that successful students are able to assess the design of the system accurately and to inform organizational leadership how to manage the risk effectively, which is inherent in its selected design methods and cybersecurity solutions
  • For additional information, visit
  • Depends on in-person interviews, documentation review, and in-depth technical analysis
  • Uses best practices, including the Purdue model, NIST 800-53, and the CISA Recommended Secure Architecture
  • Not intended to be a comprehensive audit; instead, it helps an organization identify the most significant weaknesses and make recommendations to mitigate them to improve an organization’s overall cybersecurity posture
  • Primary
    • Assessors with IT and OT experience, Control Systems Subject Matter Experts (Both defined as having five or more years’ experience)
  • Secondary
    • Contractors and others looking to establish an assessment program for Operational Technology systems



Assessment Lead and Sector Subject Matter Expert (S-SME)

Course Length

5 Days

Course Mode

On Demand

Course Agenda

  • Day 1 – Pre-execution activities (scoping, intake, OSINT)
  • Day 2 – Network analysis and execution activities (validation of captures, interviewing techniques and subjects)
  • Day 3 – Execution activities and post-execution (cont. interviews, outbriefing, reporting)
  • Day 4 – Test and capstone
  • Day 5 – Hotwash and feedback


Click Here to enroll for this pilot course.

To enroll on your mobile device, please Click Here and scan the QR Code.

If you have questions or require assistance, please contact