CAP Training Course Outline

Authorization

The Official (ISC)² CAP training provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CAP exam. Taught by an (ISC)²-authorized instructor, the training features:

  • Official (ISC)² courseware
  • Flash Cards
  • Collaboration with classmates
  • Real-world learning activities and scenarios

Who Should Attend

The training seminar is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:

  • The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD)
  • The military
  • Civilian roles, such as federal contractors
  • Local governments
  • Private sector organizations

Course Agenda

  • Domain 1: Risk Management Framework (RMF)
  • Domain 2: Categorization of Information Systems
  • Domain 3: Selection of Security Controls
  • Domain 4: Security Control Implementation
  • Domain 5: Security Control Assessment
  • Domain 6: Information System Authorization
  • Domain 7: Monitoring of Security Controls

Course Delivery Methods

  • Classroom-Based
  • Online Instructor-Led
  • Private On-Site

Course Objectives

Note: Course will be updated in October 2018

After completing this course, the student will be able to:

  • Describe the historical legal and business considerations that required the development of the RMF, including related mandates
  • Identify key terminology and associated definitions
  • Describe the Risk Management Framework components, including the starting point inputs (architectural description and organization inputs)
  • Describe the core roles defined by the RMF, including primary responsibilities and supporting roles for each RMF step
  • Describe the core federal statutes, OMB directives, information processing standards (FIPS) and Special Publications (SP), and Department of Defense and Intelligence Community instructions that form the legal mandates and supporting guidance required to implement the RMF
  • Identify and understand the related processes integrated with the RMF
  • Identify key references related to RMF Step 1 - Categorize
  • Identify the roles, requirements and processes to register an information system
  • Identify key references related to RMF Step 2 - Select
  • Identify requisites for establishing information system security controls
  • Identify key references related to RMF Step 3 - Implement
  • Identify key references related to RMF Step 4 - Assess
  • Identify key references related to RMF Step 5 - Authorize
  • Identify the roles, requirements and processes associated with conducting remediation and completing the final security assessment report
  • Identify key references related to RMF Step 6 - Authorize
  • Identify the roles, requirements and processes associated with preparing the plan of action and milestones (POA&M) for an information system
  • Identify key references related to RMF Step 7 - Monitor
  • Identify the roles, requirements and processes to formally dispose of an information system