What you get in the course:

  • +8 hours of Video from NIST RMF SME

    Bruce has been an information system security officer (ISSO) in the public and private sectors since 2000.

  • Templates / Resources

    Get the tools you need: downloadable templates for Plans of Action and Milestones (POAMs) and the System Security Plan (SSP), as well as crucial resources and references to dive deeper.

  • Audio Book

    Download the MP3 of the course and listen to it on your phone.

Course curriculum

  • 2

    Being an ISSO

    • Being an ISSO

      FREE PREVIEW
    • ISSO 101

    • Profile of an ISSO

    • How Technical Do You Need to Be as an ISSO?

    • Certs and Degrees for ISSOs

    • Information System Security Officer (ISSO) Guide (DHS)

    • I want to know about YOU!

  • 3

    RMF ISSO Intro

    • What is RMF?

    • RMF 101

    • NIST SP 800-37 r2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37 r1, Guide for Applying the Risk Management Framework to Federal Information Systems (replaced Dec 2019)

    • Risk Management Framework Resources

    • 0_RMF ISSO Intro

    • 1_RMF ISSO Sample Systems

  • 4

    Prepare

  • 5

    Categorize

    • Category: System Description

    • Categorize Quiz 1

    • Category: Information Type 1: NIST 800-60 Vol 2

    • Category: Security Category Determined By Impact Level

    • Categorize Quiz 2

    • NIST SP 800-60v2r1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories

    • NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

    • Category: Security Category High Water Mark

    • Categorize Quiz 3

    • Concept of Operations Template (downloadable)

    • Category: System Security Plan

    • NIST SP 800-18 r1, Guide for Developing Security Plans for Federal Information Systems

    • System Security Plan Excel (downloadable)

    • Information System Security Plan Template

    • NIST 200, Minimum Security Requirements for Federal Information and Information Systems

    • RMF ISSO Categorize

  • 6

    Select

    • Select: Intro

    • Select: Baseline Controls

    • Select: Tailor Controls

    • Select: Allocation

    • Select: Documentation

    • Select: Monitoring

    • Select: Approval

    • NIST SP 800-53 r4, Security and Privacy Controls for Federal Information Systems and Organizations

    • NIST SP 800-53 r5 (draft), Security and Privacy Controls for Information Systems and Organizations

    • Example of a System that does RMF - eMASS STEP by STEP

    • RMF ISSO Selection

  • 7

    Implement

    • Implement: Work with Subject Matter Experts

    • Implement: DIY Implementation

    • Implement: Resources

    • RMF ISSO Implement

  • 8

    Assess

    • Assess: Tasks Intro

    • Assess: What Happens During Assessments?

    • Assess: Resources

    • NIST SP 800-53A r4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

    • NIST 800-30 v1, Risk Assessment

    • RMF ISSO Assess

  • 9

    Authorize

    • Authorize

    • RMF ISSO Authorize

  • 10

    Monitor

    • Continuous Monitor

    • NIST SP 800-137, Information Security Continuous Monitoring

    • RMF ISSO Monitor

  • 11

    About me

    • About me

    • My Resume as an ISSO

    • How to Contact Me

  • 12

    Case Study: DNC Hack (Large Organization with No RMF)

    • Cyberwar Mueller Report Cybersecurity (Part 1)

    • Cyberwar Mueller Report Cybersecurity (Part 2)

  • 14

    RMF ISSO Audio (~6 hours, MP3 Downloadable)

    • RMF ISSO Foundations (Audio only)

  • 16

    RMF ISSO Book

    • RMF ISSO Foundation CONTROLS v8

  • 17

    ISSO Skills and Knowledge You Need

    • What is CVE & CVSS?

    • CVE ID

    • Where the CVEs are Made

    • CVE Life Cycle and Zero Days

    • CVSS Score

    • Prioritization

Reviews

5 star rating

RMF ISSO Foundations Review_DT

Andre Kelly

This course is an invaluable resource if you are new to the RMF process, or like myself trying to update my knowledge base to become an RMF SME for my current position. I like that the instructor has shown real world examples in scenarios and documentation that a lot of courses don't even address. I would definitely buy more of these courses and recommend to anyone that is interested in getting into cybersecurity or increase their knowledge base on a subject.

5 star rating

RMF ISSO Foundations Training

Norman OBrient

Good training - I like your style of teaching and appreciate that you are not an academic snob. I have been working in this space for 4 years now and was able to put concepts that I did not know before the course. In particular using 800-53A as a tool before the SCA visits. Thank you! Hope you come out with an ISSM course sometime too. All the best! Norm

5 star rating

ISSO Foundations

Kossivi Dam

Great course

5 star rating

Welcome

Babalola Ogunbiyi

Pricing options