Certified Authorization Professional (CAP)
MMSTECH148: Certified Authorization Professional (CAP)
Federal Risk Management Framework (RMF) Implementation R4.0 focuses on the Risk Management Framework prescribed by NIST Standards.
This course covers all objectives for the ISC2 Certified Authorization Professional (CAP) certification exam and can also be used to prepare students to take the exam. CAP exam topics are called out on the title page of each chapter.
Chapter 1: Introduction
Key concepts including assurance, assessment, authorization
Reasons for change to the Risk Management Framework (RMF)
Key characteristics of security
Security controls
Chapter 2: Cybersecurity Policy Regulations and Framework
Evolution and interaction of security laws, policy, and regulations in cybersecurity
Accessing the correct documents for cybersecurity guidance
Assessment and Authorization transformation goals
Chapter 3: RMF Roles and Responsibilities
Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
Four-step risk management process
Impact level
Level of risk
Effective risk management options
Chapter 5: Step 1: Categorize
Key documents in RMF process
Security Categorization
Information System Description
Information System Registration
Lab 1: Categorize a fictitious DoD agency information system
Chapter 6: Step 2: Select
Common Control Identification
Security Control Selection
Tailor security controls
Monitoring Strategy
Security Plan Approval
Lab 2: Select security controls for a fictitious DoD agency information system
Chapter 7: Step 3: Implement
Security Control Implementation
Security Control Documentation
Lab 3: Discuss and review decisions related to implementation of security controls
Chapter 8: Step 4: Assess
Assessment Preparation
Security Control Assessment
Security Assessment Report
Remediation Actions
Lab 4: Consult NIST SP 800-53A to determine appropriate assessment techniques for a fictitious DoD agency
Chapter 9: Step 5: Authorize
Plan of Action and Milestones
Security Authorization Package
Risk Determination
Risk Acceptance
Lab 5: Practice compiling the documents that make up the Security Authorization Package
Chapter 10: Step 6: Monitor
Information System and Environment Changes
Patches
Ongoing Security Control Assessments
Ongoing Remediation Actions
Key Updates
Security Status Reporting
Ongoing Risk Determination and Acceptance
Information System Removal and Decommissioning
Lab 6: Identify vulnerabilities and deficiencies in the information system of a fictitious DoD agency and propose steps to remediate them