ISSO & Security Assessor Bootcamp

Become an ISSO or Security Assessor.

A role-based bootcamp that walks you through the entire NIST Risk Management Framework — Prepare to Monitor — building the real artifacts (SSP, SAP, SAR, POA&M) federal employers expect. Finish with a portfolio and the language of the job.

12 modulesLive cohortHands-on labsCapstone + portfolio

$2,000/ seatReserve your seat Sponsor a team seat

Track

RMF Professional Track

Format

Three ways to take it

Next cohort

Jul 15, 2026

Also runs

Oct · Jan · Apr

Certificate

Yes, on completion

Choose how you learn

One bootcamp. Three ways to take it.

Same role-based outcome — pick the format that fits your life. Read it at your own pace with graded feedback, watch the video track, or join the live quarterly cohort.

Available now

Instructor-led

Watch the instructor teach on video — a guided track with self-checks, per-module interview prep and a hands-on lab.

Available now in the Fourth Tech Hub

Watch the videos

Available now

Self-paced

Read the full course in the portal at your own pace — lessons, graded quizzes and assignments your instructor reviews.

Available now in the Fourth Tech Hub

Open the course

Quarterly

Live cohort

Real-time sessions with the practitioner on a quarterly schedule — accountable, interactive, and capped for attention. We open these as cohorts are scheduled.

Next cohort · Jul 15, 2026

Reserve a seat

Roles this prepares you for

Information System Security Officer (ISSO)
Security Control Assessor / Security Assessor
RMF Analyst
Compliance Analyst
Junior SCA support

Standards & references

NIST RMFFISMANIST SP 800-37800-53800-53A800-60FIPS 199FIPS 200FedRAMPSSP / SAP / SAR / POA&M

You'll build a portfolio of

Mini SSP
Security categorization memo
POA&M
Sample finding
Mock authorization summary
Cloud boundary worksheet

The curriculum

The 12 modules.

Federal Cybersecurity & RMF

FISMA, why RMF exists, ATO concepts, the ISSO & assessor roles.

Roles, Governance & Docs

AO, ISSO, ISSM, SCA, and how SSP/POA&M/SAP/SAR connect.

RMF Step 1 — Prepare

System boundaries, scoping, inheritance, readiness checklist.

RMF Step 2 — Categorize

FIPS 199/200, 800-60, impact levels, categorization workshop.

RMF Step 3 — Select

800-53 baselines, tailoring, overlays, control families.

RMF Step 4 — Implement

Implementation statements, building the SSP, defensible narratives.

RMF Step 5 — Assess

800-53A, Security Assessment Plan, findings, the SAR, mock assessment.

RMF Step 6 — Authorize

Authorization package, POA&M, residual risk, executive risk summary.

RMF Step 7 — Monitor

ConMon strategy, vulnerability management, SSP/POA&M updates, metrics.

ISSO & Assessor Job Readiness

Day-in-the-life, interview questions, deliverables, capstone briefing.

Cloud for RMF Professionals

Service/deployment models, shared responsibility, cloud boundaries.

FedRAMP for ISSOs & Assessors

FedRAMP roles, baselines, documents, continuous monitoring, inheritance.

Hands-on labs

You don't watch. You do.

System categorization worksheetControl selection worksheetSSP section writingSAP outlineSAR finding writingPOA&M draftingContinuous monitoring trackerCloud boundary diagramShared responsibility matrix

Next cohort · Jul 15, 2026

Reserve your seat — $2,000.

Seats are limited each quarter. Secure yours, or talk to us about whether this track fits your goals.

Reserve your seat See all bootcamps