  • Video

    An actual ISSO/Cybersecurity veteran explains (in plain English) what you DO in the Risk Management Framework process.

  • Audiobook

    Listen to how the entire process works while you work or while you drive by downloading the MP3 and listening.

  • Downloads, templates and a book

    Download templates for System Security Plans, security policies and more. Check out sample documents, read the book that summarizes the process.

RMF ISSO Foundations curriculum

  • 02

    Being an ISSO

    • Being an ISSO

      FREE PREVIEW
    • ISSO 101

    • Profile of an ISSO

    • How Technical Do You Need to Be as an ISSO?

    • Certs and Degrees for ISSOs

    • Information System Security Officer (ISSO) Guide (DHS)

    • I want to know about YOU!

  • 03

    RMF ISSO Intro

    • What is RMF?

    • RMF 101

    • NIST SP 800-37 r2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37r1, Guide for Applying the Risk Management Framework to Federal Information Systems (replaced Dec 2019)

    • Risk Management Framework Resources

    • 0_RMF ISSO Intro

    • 1_RMF ISSO Sample Systems

  • 04

    Prepare

    • Prepare: Tasks

    • Prepare: Points of Contact

    • Prepare: Minutes, Hardware / Software, Diagrams

    • RMF Prepare 101

    • Stakeholders POC, Hardware, Software (downloadable)

    • NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations

    • NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems

    • Security Plan (sample)

    • RMF ISSO Preparation

    • Resource for RMF Prepare

      FREE PREVIEW
  • 05

    Categorize

    • Category: System Description

    • Categorize Quiz 1

    • Category: Information Type 1: NIST 800-60 Vol 2

    • Category: Security Category Determined By Impact Level

    • Categorize Quiz 2

    • NIST SP 800-60v2r1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories

    • NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

    • Category: Security Category High Water Mark

    • Categorize Quiz 3

    • Concept of Operations Template (downloadable)

    • Category: System Security Plan

    • NIST SP 800-18 r1, Guide for Developing Security Plans for Federal Information Systems

    • System Security Plan (downloadable)

    • NIST 200, Minimum Security Requirements for Federal Information and Information Systems

    • RMF ISSO Categorize

  • 06

    Select

    • Select: Intro

    • Select: Baseline Controls

    • Select: Tailor Controls

    • Select: Allocation

    • Select: Documentation

    • Select: Monitoring

    • Select: Approval

    • NIST SP 800-53 r4, Security and Privacy Controls for Federal Information Systems and Organizations

    • NIST SP 800-53 r5 (draft), Security and Privacy Controls for Information Systems and Organizations

    • Example of a System that does RMF - eMASS STEP by STEP

    • RMF ISSO Selection

  • 07

    Implement

    • Implement: Work with Subject Matter Experts

    • Implement: DIY Implementation

    • Implement: Resources

    • RMF ISSO Implement

  • 08

    Assess

    • Assess: Tasks Intro

    • Assess: What Happens During Assessments?

    • Assess: Resources

    • NIST SP 800-53A r4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

    • NIST 800-30 v1, Risk Assessment

    • RMF ISSO Assess

  • 09

    Authorize

    • Authorize

    • RMF ISSO Authorize

  • 10

    Monitor

    • Continuous Monitor

    • NIST SP 800-137, Information Security Continuous Monitoring

    • RMF ISSO Monitor

  • 11

    About me

    • About me

    • My Resume as an ISSO

    • How to Contact Me

  • 12

    Case Study: DNC Hack (Large Organization with No RMF)

    • Cyberwar Mueller Report Cybersecurity (Part 1)

    • Cyberwar Mueller Report Cybersecurity (Part 2)

  • 13

    RMF ISSO Interview

  • 14

    RMF ISSO Audio (~6 hours, MP3 Downloadable)

    • RMF ISSO Foundations (Audio only)

Pricing options

A more than reasonable price for knowledge that is fundamental to development.

Get started now
