Bootcamps · RMF Professional Track

ISSO & Security Assessor Bootcamp

Become an ISSO or Security Assessor.

A role-based bootcamp that walks you through the entire NIST Risk Management Framework — Prepare to Monitor — building the real artifacts (SSP, SAP, SAR, POA&M) federal employers expect. Finish with a portfolio and the language of the job.

12 modulesLive cohortHands-on labsCapstone + portfolio
$2,000/ seatReserve your seat Sponsor a team seat
Track
RMF Professional Track
Format
Three ways to take it
Next cohort
Jul 15, 2026
Also runs
Oct · Jan · Apr
Certificate
Yes, on completion
Choose how you learn

One bootcamp. Three ways to take it.

Same role-based outcome — pick the format that fits your life. Read it at your own pace with graded feedback, watch the video track, or join the live quarterly cohort.

Available now

Instructor-led

Watch the instructor teach on video — a guided track with self-checks, per-module interview prep and a hands-on lab.

Available now in the Fourth Tech Hub

Watch the videos
Available now

Self-paced

Read the full course in the portal at your own pace — lessons, graded quizzes and assignments your instructor reviews.

Available now in the Fourth Tech Hub

Open the course
Quarterly

Live cohort

Real-time sessions with the practitioner on a quarterly schedule — accountable, interactive, and capped for attention. We open these as cohorts are scheduled.

Next cohort · Jul 15, 2026

Reserve a seat

Roles this prepares you for

  • Information System Security Officer (ISSO)
  • Security Control Assessor / Security Assessor
  • RMF Analyst
  • Compliance Analyst
  • Junior SCA support

Standards & references

NIST RMFFISMANIST SP 800-37800-53800-53A800-60FIPS 199FIPS 200FedRAMPSSP / SAP / SAR / POA&M

You'll build a portfolio of

  • Mini SSP
  • Security categorization memo
  • POA&M
  • Sample finding
  • Mock authorization summary
  • Cloud boundary worksheet
The curriculum

The 12 modules.

1

Federal Cybersecurity & RMF

FISMA, why RMF exists, ATO concepts, the ISSO & assessor roles.

2

Roles, Governance & Docs

AO, ISSO, ISSM, SCA, and how SSP/POA&M/SAP/SAR connect.

3

RMF Step 1 — Prepare

System boundaries, scoping, inheritance, readiness checklist.

4

RMF Step 2 — Categorize

FIPS 199/200, 800-60, impact levels, categorization workshop.

5

RMF Step 3 — Select

800-53 baselines, tailoring, overlays, control families.

6

RMF Step 4 — Implement

Implementation statements, building the SSP, defensible narratives.

7

RMF Step 5 — Assess

800-53A, Security Assessment Plan, findings, the SAR, mock assessment.

8

RMF Step 6 — Authorize

Authorization package, POA&M, residual risk, executive risk summary.

9

RMF Step 7 — Monitor

ConMon strategy, vulnerability management, SSP/POA&M updates, metrics.

10

ISSO & Assessor Job Readiness

Day-in-the-life, interview questions, deliverables, capstone briefing.

11

Cloud for RMF Professionals

Service/deployment models, shared responsibility, cloud boundaries.

12

FedRAMP for ISSOs & Assessors

FedRAMP roles, baselines, documents, continuous monitoring, inheritance.

Hands-on labs

You don't watch. You do.

System categorization worksheetControl selection worksheetSSP section writingSAP outlineSAR finding writingPOA&M draftingContinuous monitoring trackerCloud boundary diagramShared responsibility matrix
Next cohort · Jul 15, 2026

Reserve your seat — $2,000.

Seats are limited each quarter. Secure yours, or talk to us about whether this track fits your goals.

Reserve your seat See all bootcamps