Certified Authorization Professional (CAP) Certification and Training

Level: Intermediate
Course #: 2061

Enroll

This official (ISC)² Certified Authorization Professional (CAP) course prepares you for the CAP exam and provides in-depth coverage of the Risk Management Framework. It is the only security certification under the DoD8570 Mandate that aligns to each of the RMF steps. You will learn the skills and concepts in the 7 domains including RMF, Security Categorization, Security Controls implementation, assessment, monitoring and authorization.

The Risk Management Framework (RMF) is used by security professionals who are responsible for assessing risk and establishing documentation for their IT systems. Achieve this CAP certification and demonstrate your expertise in lifecycle cyber security risk management.

Key Features of this Certified Authorization Professional (CAP) Training:

Official (ISC)² curriculum

After-course instructor coaching benefit

You Will Learn How To:

Prepare for and pass the CAP Exam

Define and implement a Risk Management Framework (RMF)

Select, tailor and document security controls

Prepare for security control assessment

Perform ongoing security control assessments

Goals Live, Instructor-Led – Live, Online Training

instructor-led training course

One-on-one after course instructor coaching

Pay later by invoice -OR- at the time of checkout by credit card Exam Voucher Included

Live, Online Training

Important CAP Certification Course Information

Who Should Attend

The CAP is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:

The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD) The military

Civilian roles, such as federal contractors

Local governments

Private sector organizations

CAP Certification Course Outline

Risk Management Framework (RMF)

Describe the RMF

Describe and distinguish between the RMF steps

Identify roles and define responsibilities

Understand and describe how the RMF process relates to the organizational structure

Understand the relationship between the RMF and System Development Life Cycle (SDLC) Understand legal, regulatory and other security requirements

Categorization of Information Systems

Categorize the system

Describe the information system (including the security authorization boundaries) Register the system

Selection of Security Controls

Identify and document (inheritable) controls

Select, tailor and document security controls

Develop security control monitoring strategy

Review and approve security plan

Security Control Implementation

Implement selected security controls

Document security control implementation

Security Control Assessment

Prepare for security control assessment

Develop security control assessment plan

Assess security control effectiveness

Develop initial security assessment report (SAR)

Review interim SAR and perform initial remediation actions

Develop final SAR and optional addendum

Information System Authorization

Develop plan of action and milestones (POAM) (e.g., resources, schedule, requirements)

Assemble security authorization package

Determine risk

Determine the acceptability of risk

Obtain security authorization decision

Monitoring of Security Controls

Determine security impact of changes to system and environment

Perform ongoing security control assessments (e.g., continuous monitoring, internal and external assessments)

Conduct ongoing remediation actions (resulting from incidents, vulnerability scans, audits, vendor updates, etc.) Update key documentation (e.g., SP, SAR, POAM)

Perform periodic security status reporting

Perform ongoing risk determination and acceptance

Decommission and remove system

CAP Certification Training FAQs

What is the Certified Authorization Professional (CAP) Certification?

The Certified Authorization Professional certification covers the RMF in great detail and is the only security certification under the DoD8570 Mandate that aligns to each of the RMF steps. 

How do I take the CAP Certification exam?

A minimum of two years cumulative, paid, full-time work experience and in one or more of the seven domains of the CAP

Common Body of Knowledge (CBK)

Can I become an (ISC)² Certified Authorization Professional online?

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class, online, and on demand.

Enroll