What you get in the course:

  • 8+ hours of video from a NIST RMF SME

    Bruce has been an information system security officer (ISSO) in the public and private sectors since 2000.

  • Templates / Resources

    Get the tools you need: downloadable templates for the Plan of Action and Milestones (POA&M) and System Security Plan (SSP), as well as crucial resources and references to dive deeper.

  • Audio Book

    Download the MP3 of the course and listen to it on your phone.

Course curriculum

  • 2

    Being an ISSO

    • Being an ISSO

      FREE PREVIEW
    • ISSO 101

    • Profile of an ISSO

    • How Technical Do You Need to Be as an ISSO?

    • Certs and Degrees for ISSOs

    • Information System Security Officer (ISSO) Guide (DHS)

    • I want to know about YOU!

  • 3

    RMF ISSO Intro

    • What is RMF?

    • RMF 101

    • NIST SP 800-37 r2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37 r1, Guide for Applying the Risk Management Framework to Federal Information Systems (replaced Dec 2019)

    • Risk Management Framework Resources

    • 0_RMF ISSO Intro

    • 1_RMF ISSO Sample Systems

  • 4

    Prepare

  • 5

    Categorize

    • Category: System Description

    • Categorize Quiz 1

    • Category: Information Type 1: NIST 800-60 Vol 2

    • Category: Security Category Determined By Impact Level

    • Categorize Quiz 2

    • NIST SP 800-60v2r1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories

    • NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

    • Category: Security Category High Water Mark

    • Categorize Quiz 3

    • Concept of Operations Template (downloadable)

    • Category: System Security Plan

    • NIST SP 800-18 r1, Guide for Developing Security Plans for Federal Information Systems

    • System Security Plan Excel (downloadable)

    • Information System Security Plan Template

    • NIST 200, Minimum Security Requirements for Federal Information and Information Systems

    • RMF ISSO Categorize

  • 6

    Select

    • Select: Intro

    • Select: Baseline Controls

    • Select: Tailor Controls

    • Select: Allocation

    • Select: Documentation

    • Select: Monitoring

    • Select: Approval

    • NIST SP 800-53 r4, Security and Privacy Controls for Federal Information Systems and Organizations

    • NIST SP 800-53 r5 (draft), Security and Privacy Controls for Information Systems and Organizations

    • Example of a System that does RMF - eMASS STEP by STEP

    • RMF ISSO Selection

  • 7

    Implement

    • Implement: Work with Subject Matter Experts

    • Implement: DIY Implementation

    • Implement: Resources

    • RMF ISSO Implement

  • 8

    Assess

    • Assess: Tasks Intro

    • Assess: What Happens During Assessments?

    • Assess: Resources

    • NIST SP 800-53A r4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

    • NIST 800-30 v1, Risk Assessment

    • RMF ISSO Assess

  • 9

    Authorize

    • Authorize

    • RMF ISSO Authorize

  • 10

    Monitor

    • Continuous Monitor

    • NIST SP 800-137, Information Security Continuous Monitoring

    • RMF ISSO Monitor

  • 11

    About me

    • About me

    • My Resume as an ISSO

    • How to Contact Me

  • 12

    Case Study: DNC Hack (Large Organization with No RMF)

    • Cyberwar Mueller Report Cybersecurity (Part 1)

    • Cyberwar Mueller Report Cybersecurity (Part 2)

  • 14

    RMF ISSO Audio (~6 hours, MP3 Downloadable)

    • RMF ISSO Foundations (Audio only)
