Course Description Schedule Course Outline

About this Course

Information Systems Security Engineering is serious, mission-critical business. With that in mind, (ISC)2 and the NSA have aimed at making the ISSEP exam a formidable challenge. That’s why Fast Lane goes above and beyond to bring you comprehensive, logical training. While the ISSEP orders the knowledge in a particular order, our program starts off with a deep dive into the regulations, and then reinforces those regulations in the progressive knowledge areas. In this manner, you make the connections to the important regulations throughout the course, retaining them into the exam and beyond.

The following are included in Fast Lane’s ISSEP Boot Camp:

  • Real security Expertise by Information System Security Engineers with more than 10 years’ experience supporting Federal Government information assurance needs
  • Proven expertise in meeting Certification Candidates needs: we go beyond the ISSEP CBK and get at how-to prep and succeed at the exam
  • Courseware materials that help clarify the ISSE process, and ensure that students leave knowing how to implement it
  • The Fast Lane ISSEP Boot Camp Resource Kit: Comprehensive up-to-date (updated quarterly) compendium of all relevant ISSE publications and related referenced materials within the ISC2 Candidate Information Bulletin, available from the Fast Lane Community Site. The exam is constantly changing to reflect the more recent regulatory updates
  • Official (ISC)2 Guide to the CISSP-ISSEP CBK (Auerbach Publications)
  • Lunch, beverages and snacks provided on each day of class

Who should attend

This training is intended for:

  • IA professionals supporting the federal government’s information systems security engineering needs
  • From the federal government or from the integrator/contractor community


Students of Fast Lane’s ISSEP Boot Camp are prepared for the (ISC)2 ISSEP exam. (ISC)2 revises the ISSEP exam each January, since much of the exam involves questions about mandates and regulations which change regularly.

Class Prerequisites

  • Attendees are not required to have their CISSP to attend class, but it is a requirement to receive the ISSEP credential
  • If you are planning to take the exam on the weekend following the class, it is important that you have prepared thoroughly by reading as much of the online materials as possible

What You Will Learn

Upon the completion of our ISSEP course, you will be able to:

  • Fully understand Security Systems Engineering and the certification and accreditation process within the federal government
  • Design, construct and operate an efficient and economical network that contains measures, providing a defined level of availability, integrity, and confidentiality
  • Take and pass the ISSEP certification exam with confidence
  • Navigate U.S. Government regulatory requirements for information assurance

Outline: ISSEP Boot Camp (ISSEPBC)


  • Domain 4: U.S. Government Information Assurance Regulations
  • Information Assurance Regulations
  • Protecting Federal Information Systems and Networks
  • Supporting Tools and Programs
  • A Comprehensive Approach to IS Assurance
  • U.S. National Policy and Legislation
  • OMB A-130, Management of Federal Information Resources
  • FISMA Requirements
  • NIST Requirements
  • NIST’s Guidance to Support FISMA
  • FISMA-Related Guidance
  • DoDI 8500.2
  • Common Criteria
  • ISO 27001
  • Categorization Standards
  • Mapping Guidelines
  • Minimum Security Requirements
  • Security Control Verification Procedures
  • NIST’s Guidance to Support FISMA
  • FIPS Publication 199
  • NIST Special Publication 800-60
  • Special Publication 800-37
  • Key Roles
  • Certification and Accreditation
  • Certification Package
  • Special Publication 800-53
  • Security Legislation
  • NRC Study
  • Cyber Security Checklists
  • Introduction to the Common Criteria (CC)
  • Assurance Packages
  • PP/ST Framework
  • Oversight Agencies
  • National Security Policy and Directives
  • DoD Policy, Directives and Instructions
  • Computer Fraud and Abuse Act
  • Computer Security Act of 1987
  • Copyright Act
  • Accreditation Options
  • Boundaries


  • Domain 1: Systems Security Engineering
  • The SSE Process Stages
  • Practical Risk Management
  • System Security Engineering Capability Maturity Model (SSE-CMM)
  • Process Areas
  • The Model
  • The Security Engineering Process
  • Assurance Area
  • Assurance Arguments
  • Organizational Capability Measures
  • Applying Capability Measures to Base Practices: The Rating Profile
  • IEEE 1220
  • DoD 5200.1-R


  • Domain 2: Certification & Accreditation
  • DITSCAP/DIACAP - Four Phases
  • NIST 800-37
  • IATF comparison to DITSCAP/DIACAP
  • FIPS 102 – Guideline for Computer Security Certification & Accreditation
  • Applicability of FIPS 102
  • NIST’s C&A Program
  • Security Certifications/Assessments
  • Assessing System Security
  • C&A Framework: Significant Features


  • Domain 3: Technical Management
  • Project Management
  • An Introduction to the Fundamentals
  • Definitions
  • Practical Security Risk Management
  • DITSCAP/DIACAP Activities
  • DITSCAP/DIACAP System Security Authorization Agreement
  • System Security Engineering Capability Maturity Model (SSECMM)
  • Development of Process Areas
  • Basic Risk Management
  • Technical Management
  • Technical Project Management
  • Project Processes
  • Technology Management Tools
Classroom Training

Duration 4 days

  • United States: US$ 1,595
Enroll now
Online Training
Enroll now