(ISC)2

Enjoy the best in CAP – Certified Authorization Professional Training

The CAP, Certified Authorization Professional certification covers the RMF in great detail and is the only security certification under the DoD 8570 mandate that aligns to each of the RMF steps.

 

ISC2 CAP Certified Authorization Professional

Course Overview

The Risk Management Framework (RMF) is used by security professionals who are responsible for assessing risk and establishing documentation for their IT systems. The CAP, Certified Authorization Professional certification covers the RMF in great detail and is the only security certification under the DoD 8570 mandate that aligns to each of the RMF steps. This official ISC2 course provides students with in-depth coverage of the skills and concepts in the 7 domains, including RMF, Security Categorization, Security Controls implementation, assessment, monitoring and authorization. This course is for IT professionals interested in learning more about lifecycle cybersecurity risk management, as well as auditors, infosec/information assurance practitioners and program managers who have a minimum of 2 years of full-time experience in one or more of the 7 domains covered in the CAP exam.

Acquired Skills

  • Prepare for and pass the CAP Exam
  • Define and implement a Risk Management Framework (RMF)
  • Select, tailor and document security controls
  • Prepare for security control assessment
  • Perform ongoing security control assessments

Course Outline

Risk Management Framework (RMF)

  • Describe the RMF 
  • Describe and distinguish between the RMF steps 
  • Identify roles and define responsibilities 
  • Understand and describe how the RMF process relates to the organizational structure 
  • Understand the relationship between the RMF and System Development Life Cycle (SDLC) 
  • Understand legal, regulatory and other security requirements

Categorization of Information Systems

  • Categorize the system 
  • Describe the information system (including the security authorization boundaries) 
  • Register the system

Selection of Security Controls

  • Identify and document (inheritable) controls 
  • Select, tailor and document security controls 
  • Develop security control monitoring strategy 
  • Review and approve security plan

Security Control Implementation

  • Implement selected security controls 
  • Document security control implementation

Security Control Assessment

  • Prepare for security control assessment 
  • Develop security control assessment plan 
  • Assess security control effectiveness 
  • Develop initial security assessment report (SAR) 
  • Review interim SAR and perform initial remediation actions 
  • Develop final SAR and optional addendum

Information System Authorization

  • Develop plan of action and milestones (POAM) (e.g., resources, schedule, requirements) 
  • Assemble security authorization package 
  • Determine risk 
  • Determine the acceptability of risk 
  • Obtain security authorization decision

Monitoring of Security Controls

  • Determine security impact of changes to system and environment 
  • Perform ongoing security control assessments (e.g., continuous monitoring, internal and external assessments) 
  • Conduct ongoing remediation actions (resulting from incidents, vulnerability scans, audits, vendor updates, etc.) 
  • Update key documentation (e.g., SP, SAR, POAM) 
  • Perform periodic security status reporting 
  • Perform ongoing risk determination and acceptance 
  • Decommission and remove system

Additional Information

Who Should Attend:

The CAP is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:

  • The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD)
  • The military
  • Civilian roles, such as federal contractors
  • Local governments
  • Private sector organizations

 


Client Testimonials

Be wary of companies that pay external vendors to farm and post reviews; many of them are not authentic. Ours come straight from Google, and you can’t alter reviews on Google Maps in any way. Don’t take our word for who we are – hear from our clients:

Achieve your ISC2 CAP Certified Authorization Professional Certifications Today!

Whether you are simply seeking a knowledge-based IT course or are working towards passing the exam for your next IT certification, we offer the courses you are looking for as daytime classes, evening classes, boot camps and on-demand.

We know that the instructor is the key to our students’ success, and we have taken over a decade to build one of the best teams in the country. Our instructors have decades of cumulative real-world experience, and they bring that to every class they teach!

Looking for ISC2 CAP Certified Authorization Professional Training and Certifications?

And no, we will not relentlessly hound you with sales calls, we promise! Please reach out to us with any questions you might have. We welcome the opportunity to talk through your individual training needs, or those of your team. We are a no-pressure, service-oriented company. Reach out – you’ll be glad you did!