Certified Authorization Professional (CAP) Training

The course is intended for students who have at least one full year of experience using the federal Risk Management Framework (RMF) or comparable experience gained from the ongoing management of information system authorizations.

Content

  1. Describe the Risk Management Framework (RMF)
    • Domain Introduction
    • Domain Terminology and References
    • Historical and Current Perspective of Authorization
    • Introducing the Example Systems
    • Introduction to the Risk Management Framework (RMF)
    • The RMF Roles and Responsibilities
    • Example System Considerations
  2. Categorize Information Systems
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 1 – Roles and Responsibilities
    • Preparing to Categorize an Information System
    • Categorize the Information System
    • Categorizing the Example System
    • Describe the Information System and Authorization Boundary
    • Register the Information System
    • RMF Step 1 Milestones, Key Activities and Dependencies
  3. Select Security Controls
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 2 – Roles and Responsibilities
    • Understanding FIPS 200
    • Introducing SP 800-53
    • The Fundamentals
    • The Process
  4. Implement Security Controls
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 3 – Roles and Responsibilities
    • Implement Selected Security Controls
    • Contingency Planning
    • Configuration, Patch and Vulnerability Management
    • Firewalls and Firewall Policy Controls
    • Interconnecting Information Technology Systems
    • Computer Security Incident Handling
    • Security Awareness and Training
    • Security Considerations in the SDLC
    • Malware Incident Prevention and Handling
    • Computer Security Log Management
    • Protecting Confidentiality of Personally Identifiable Information
    • Continuous Monitoring
    • Security Control Implementation
    • Document Security Control Implementation
    • RMF Step 3 Milestone Checkpoint
  5. Assess Security Controls
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 4 – Roles and Responsibilities
    • Understanding SP 800-115
    • Understanding SP 800-53A
    • Prepare for Security Control Assessment
    • Develop Security Control Assessment Plan
    • Assess Security Control Effectiveness
    • Develop Initial Security Assessment Report (SAR)
    • Review Interim SAR and Perform Initial Remediation Actions
    • Develop Final SAR and Optional Addenda
    • RMF Step 4 Milestone Checkpoint
  6. Authorize Information System
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 5 – Roles and Responsibilities
    • Develop Plan of Action and Milestones (POAM)
    • Assemble Security Authorization Package
    • Determine Risk
    • Determine the Acceptability of Risk
    • Obtain Security Authorization Decision
    • RMF Step 5 Milestone Checkpoint
  7. Monitor Security Controls
    • Domain Introduction
    • Domain Terminology and References
    • RMF Step 6 – Roles and Responsibilities
    • Understanding SP 800-137
    • Determine Security Impact of Changes to System and Environment
    • Perform Ongoing Security Control Assessment
    • Conduct Ongoing Remediation Actions
    • Update Key Documentation
    • Perform Periodic Security Status Reporting
    • Perform Ongoing Determination and Acceptance
    • Decommission and Remove System
    • RMF Step 6 Milestone Checkpoint