CYBERSECURITY GRC • NIST RMF SP 800-37

RMF ISSO: Foundations v2

Learn what you actually need to know about being an Information System Security Officer (ISSO) working with the NIST Risk Management Framework, from a 20+ year ISSO and cybersecurity GRC expert. No fluff, just plain, straightforward explanations. Go end‑to‑end through RMF so you can speak the language of assessors, authorizing officials, and GRC leaders.

  • 8+ hours of step‑by‑step video from a veteran NIST RMF SME

  • Taught entirely from the ISSO’s point of view—what you actually do at each RMF step

  • Downloadable POA&M and SSP templates plus key references

  • Get the book: Information System Security NIST 800 2-in-1 ($41 value)

Subscription access — instant updates when RMF guidance evolves.

100% online • Learn at your own pace • Designed for working professionals in Cybersecurity, RMF, and GRC roles

Your RMF ISSO launchpad

Bruce has served as an Information System Security Officer (ISSO) across public and private sector environments since 2000. This course distills decades of RMF experience into a practical, field‑tested framework you can apply immediately.

  • Real‑world ISSO workflows, not theory

  • Plain‑English explanations of NIST SP 800‑37

  • Downloadable templates and artifacts

  • Get the book: Information System Security NIST 800 2-in-1 ($41 value)

Perfect for: aspiring / current ISSOs, security analysts, system owners, auditors, and GRC professionals who need working‑level RMF literacy.

WHY THIS COURSE

Built for serious Cybersecurity & GRC professionals

8+ hours

On‑demand RMF video training from a NIST SME.

20+ artifacts

Templates and references you can plug into live RMF packages.

2 in 1 RMF Book

2 in 1 RMF book bundle. Updates as NIST and agency guidance evolves.

COURSE OUTCOMES

Understand RMF the way an ISSO is expected to

Too many people “know” RMF only at the buzzword level. This course walks you through NIST SP 800‑37 step‑by‑step, but always grounded in the real‑world responsibilities of an ISSO in federal and commercial environments.

  • Translate NIST SP 800‑37 into clear ISSO actions and deliverables
  • Understand how RMF fits into ATO, continuous monitoring, and security authorization
  • Confidently speak with system owners, assessors, and authorizing officials
  • Identify where POA&Ms, SSPs, and other key artifacts are created and maintained
  • Avoid the common mistakes that delay ATO decisions and trigger rework

From kickoff to ATO: inside the RMF lifecycle

  • RMF context and core concepts

  • Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor

  • ISSO responsibilities at each RMF step

  • Information Systems Security NIST 800 2-in-1 eBook ($41 value)

  • Risk responses: what they are and what to do

  • System Security Plan (SSP), POA&Ms, and other docs

  • Preparing for security assessments and ATO decisions

You’ll finish with a mental model and vocabulary that align with how senior GRC leaders and federal stakeholders think about RMF—and what they expect from an ISSO assigned to a system.

TEMPLATES & AUDIO

Practical assets you can use on day one

This isn’t just slideware. Your subscription includes downloadable templates and an audio‑only version so you can keep learning when you’re away from the screen.

Templates & Resources

  • Plan of Action and Milestone (POA&M) template
  • System Security Plan (SSP) structure and example content
  • Reference list for NIST publications and key guidance
  • Supporting artifacts to reinforce each RMF step

Instructor Bruce - NIST RMF SME and ISSO

MEET YOUR INSTRUCTOR

Bruce — Information System Security Officer since 2000

Bruce has served as an Information System Security Officer (ISSO) supporting both public sector and commercial systems for more than two decades. He has lived through the evolution of NIST guidance, agency overlays, and the day‑to‑day realities of keeping systems authorized and defensible.

Instead of abstract lectures, you’ll hear how an experienced ISSO actually navigates categorization meetings, SSP reviews, assessor questions, and ATO milestones—so you can avoid the painful pitfalls that never show up in the official documentation.

Ideal if you want: a seasoned mentor’s perspective on what “good” RMF work looks like—and how ISSOs actually succeed in complex stakeholder environments.

CURRICULUM SNAPSHOT

What’s inside RMF ISSO: Foundations v2

Modules are designed for busy professionals—compact, focused lessons you can complete between meetings and still make steady progress.

Intro to the RMF and ISSO (Federal GRC)

  • Why RMF exists and where it fits in federal cybersecurity

  • What is the main thing an Information System Security Officer is supposed to do?

  • How RMF relates to FISMA, NIST SP 800‑53

  • What “good” RMF execution looks like from leadership’s view

Prepare, Categorize, Select, & Implement

  • Master "Prepare" with this ______

  • Categorization is easy if you understand _____

  • Working with control selection and tailoring in Select

  • What you need to know about "Implement"

Assess, Authorize, & Monitor

  • Coordinating with assessors during Assess

  • Supporting Authorize package preparation

  • Establishing a sustainable Monitor rhythm

  • What to expect in RMF audits and assessments

  • How to keep your skills current as NIST guidance evolves

Subscription access for working professionals

Stay current as RMF guidance and expectations evolve. Your subscription keeps the course, templates, and audio book updated—so you’re never working from stale material.

Monthly ISSO Access

Best if you want to explore the material over the next few weeks.

  • Full access to RMF ISSO: Foundations v2
  • 8+ hours of video lessons from NIST RMF SME
  • All POA&M and SSP templates & resources
  • Access to future course updates while subscribed
  • Ideal for trying the course risk‑free

$45 / month

Most Flexible

Annual ISSO Access

Our best value for professionals committed to RMF mastery.

  • 12 months of access to all course content
  • All templates and resources
  • Priority access to new lessons and updates
  • Lock in current pricing for a full year
  • Great for long‑term RMF and GRC upskilling

$397

38% off

Best Value

Have a team or need enterprise access? Contact us for group subscription options.

WHAT LEARNERS ARE SAYING

Clear, practical, and aligned with how ISSOs actually work

“I came from a security engineering role and needed to understand RMF to move into ISSO work. This course finally connected the dots between the NIST docs and what I’m expected to do day‑to‑day.”

Security Engineer → ISSO

“The POA&M and SSP templates alone saved me hours on a new ATO package. Bruce explains not just what to fill out, but why reviewers care about each section.”

Federal Contractor, GRC

“As a system owner I finally understand what my ISSO is juggling during RMF. It’s improved how we collaborate and made our last authorization much smoother.”

System Owner, Cloud Platform

FAQ

Answers for busy Cybersecurity & GRC professionals

If you’re working toward an ISSO, GRC, or security leadership role, this course is designed to slot cleanly into your already full schedule.

Who is this course best suited for?

The course is ideal for aspiring and current Information System Security Officers (ISSOs), security analysts, system owners, and GRC professionals who need a practical understanding of RMF (NIST SP 800‑37). You do not need to be an RMF expert—basic familiarity with cybersecurity concepts is enough.

How long will it take to complete the course?

There are 8+ hours of video content plus templates and references. Most professionals complete the core modules over 1–2 weeks by dedicating a few hours each week. Because the course is on‑demand, you can go faster or slower as your schedule allows.

What exactly do I get with my subscription?

You get streaming access to all course videos, downloadable POA&M and SSP templates, supporting resources, and the full MP3 audio book. While your subscription is active, you’ll also receive access to any updates or new lessons added to RMF ISSO: Foundations v2.

Can I cancel my subscription?

Yes. You can cancel your subscription at any time. Your access will continue through the end of your current billing period, and you can always return and reactivate when you’re ready to continue.

Is this an official certification?

No. This course is focused on practical, working‑level RMF skills—not an exam prep curriculum. You will gain a strong foundation in RMF from the ISSO perspective that can support certifications, interviews, and on‑the‑job performance.