Length: 2 Days
Certified Information Systems Security Manager (CISSM I & II) Certification Program by Tonex

The CISSM I & II program by Tonex builds the leadership, governance, and assurance capabilities required of Information System Security Managers operating across DoD and Intelligence Community environments. Participants master policy-driven security management, control selection and assessment, risk treatment, and audit readiness aligned to NIST RMF, CNSSI, and DoD/IC directives, with explicit mapping across ISSM Levels I & II.

This program strengthens enterprise resilience by institutionalizing measurable control ownership, evidence-based compliance, and defensible authorization decisions. It improves cybersecurity by tightening governance linkages between mission risk, security controls, and operational outcomes. It further elevates cybersecurity maturity by embedding continuous monitoring, supply-chain vigilance, and insider-threat safeguards into program execution. Graduates leave ready to lead cross-functional teams, brief executives, and sustain authority-to-operate in complex missions.

Learning Objectives:

  • Apply ISSM responsibilities across lifecycle, authorization, and compliance oversight
  • Map controls to NIST RMF, CNSSI 1253, DoDI 8510.01, and agency overlays
  • Build risk registers, treatment plans, and POA&Ms with measurable KPIs
  • Orchestrate audit readiness and artifacts for assessments and ATO packages
  • Lead incident response governance and post-incident corrective actions
  • Elevate enterprise outcomes by strengthening cybersecurity governance impact

Audience:

  • Cybersecurity Professionals
  • Information System Security Managers (ISSM)
  • Security Control Assessors / AO Staff
  • System Owners and Program Managers
  • Governance, Risk & Compliance (GRC) Leads
  • Security Engineers and Architects

Program Modules:

Module 1: ISSM Foundations

  • Roles, duties, and accountability
  • DoD/IC policy landscape overview
  • System categorization basics
  • Security governance models
  • Stakeholder and RACI alignment
  • Compliance documentation sets

Module 2: Control Baselines

  • CNSSI 1253 tailoring steps
  • NIST 800-53 control families
  • DoD overlays and inheritance
  • Common, hybrid, system controls
  • Compensating control criteria
  • Traceability from risks to controls

Module 3: RMF Execution

  • Prepare and categorize tasks
  • Select and tailor controls
  • Implement and evidence controls
  • Assess readiness and gaps
  • Authorize with risk acceptance
  • Continuous monitoring cadence

Module 4: Assurance Evidence

  • SSP structure and clarity
  • Control evidence management
  • POA&M creation and updates
  • Objective assessment methods
  • Audit trails and CFR records
  • Metrics and dashboarding

Module 5: Operations & IR

  • Configuration/change governance
  • Vulnerability and patch strategy
  • Incident handling coordination
  • Insider threat governance links
  • Supply chain risk oversight
  • Lessons learned to control updates

Module 6: ISSM II Leadership

  • Portfolio-level risk posture
  • ATO sustainment strategies
  • Mission impact briefings
  • Third-party and cloud assurance
  • Privacy and data governance ties
  • Program maturity roadmaps

Exam Domains:

  1. Governance, Policies, and Legal Foundations
  2. Risk Management and Control Architecture
  3. RMF and Authorization Lifecycle Management
  4. Audit, Assessment, and Evidence Management
  5. Operations, Incident Governance, and Continuity
  6. Leadership, Strategy, and Stakeholder Communication

Course Delivery:
The course is delivered through a combination of lectures, interactive discussions, hands-on workshops, and project-based learning, facilitated by experts in the Certified Information Systems Security Manager (CISSM I & II) field. Participants will have access to online resources, including readings, case studies, and tools for practical exercises.

Assessment and Certification:
Participants will be assessed through quizzes, assignments, and a capstone project. Upon successful completion of the course, participants will receive a certificate in Certified Information Systems Security Manager (CISSM I & II).

Question Types:

  • Multiple Choice Questions (MCQs)
  • Scenario-based Questions

Passing Criteria:
To pass the Certified Information Systems Security Manager (CISSM I & II) Certification Training exam, candidates must achieve a score of 70% or higher.

Ready to lead as an ISSM at Level I or II? Enroll now with Tonex to secure authorizations faster, prove compliance with confidence, and elevate your organization’s mission-ready cybersecurity posture.