  • Video

    An actual ISSO/Cybersecurity veteran explains (in plain English) what you DO in the Risk Management Framework process.

  • Audiobook

    Listen to how the entire process works while you work or while you drive by downloading the MP3 and listening.

  • Downloads, templates and a book

    Download templates for System Security Plans, security policies and more. Check out sample documents, read the book that summarizes the process.

RMF ISSO Foundations curriculum

  • 02

    Being an ISSO

    • Being an ISSO

      FREE PREVIEW
    • ISSO 101

    • Profile of an ISSO

    • How Technical Do You Need to Be as an ISSO?

    • Certs and Degrees for ISSOs

    • Information System Security Officer (ISSO) Guide (DHS)

    • I want to know about YOU!

  • 03

    RMF ISSO Intro

    • What is RMF?

    • RMF 101

    • NIST SP 800-37 r2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37r1, Guide for Applying the Risk Management Framework to Federal Information Systems (replaced Dec 2019)

    • Risk Management Framework Resources

    • 0_RMF ISSO Intro

    • 1_RMF ISSO Sample Systems

  • 04

    Prepare

    • Prepare: Tasks

    • Prepare: Points of Contact

    • Prepare: Minutes, Hardware / Software, Diagrams

    • RMF Prepare 101

    • Stakeholders POC, Hardware, Software (downloadable)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems

    • Security Plan (sample)

    • RMF ISSO Preparation

    • Resource for RMF Prepare

      FREE PREVIEW
  • 05

    Categorize

    • Category: System Description

    • Categorize Quiz 1

    • Category: Information Type 1: NIST 800-60 Vol 2

    • Category: Security Category Determined By Impact Level

    • Categorize Quiz 2

    • NIST SP 800-60v2r1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories

    • NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

    • Category: Security Category High Water Mark

    • Categorize Quiz 3

    • Concept of Operations Template (downloadable)

    • Category: System Security Plan

    • NIST SP 800-18 r1, Guide for Developing Security Plans for Federal Information Systems

    • System Security Plan Excel (downloadable)

    • Information System Security Plan Template

    • NIST 200, Minimum Security Requirements for Federal Information and Information Systems

    • RMF ISSO Categorize

  • 06

    Select

    • Select: Intro

    • Select: Baseline Controls

    • Select: Tailor Controls

    • Select: Allocation

    • Select: Documentation

    • Select: Monitoring

    • Select: Approval

    • NIST SP 800-53 r4, Security and Privacy Controls for Federal Information Systems and Organizations

    • NIST SP 800-53 r5 (draft), Security and Privacy Controls for Information Systems and Organizations

    • Example of a System that does RMF - eMASS STEP by STEP

    • RMF ISSO Selection

  • 07

    Implement

    • Implement: Work with Subject Matter Experts

    • Implement: DIY Implementation

    • Implement: Resources

    • RMF ISSO Implement

  • 08

    Assess

    • Assess: Tasks Intro

    • Assess: What Happens During Assessments?

    • Assess: Resources

    • NIST SP 800-53A r4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

    • NIST 800-30 v1, Risk Assessment

    • RMF ISSO Assess

  • 09

    Authorize

    • Authorize

    • RMF ISSO Authorize

  • 10

    Monitor

    • Continuous Monitor

    • NIST SP 800-137, Information Security Continuous Monitoring

    • RMF ISSO Monitor

  • 11

    About me

    • About me

    • My Resume as an ISSO

    • How to Contact Me

  • 12

    Case Study: DNC Hack (Large Organization with No RMF)

    • Cyberwar Mueller Report Cybersecurity (Part 1)

    • Cyberwar Mueller Report Cybersecurity (Part 2)

  • 13

    RMF ISSO Interview

  • 14

    RMF ISSO Audio (~6 hours, MP3 Downloadable)

    • RMF ISSO Foundations (Audio only)

  • 15

    Risk Management vs Risk Assessment

Pricing options

A more than reasonable price for knowledge that is fundamental to development.
