CAP Certification Training | Certified Authorization Professional Training


Introduction:

CAP Certification Training | Certified Authorization Professional Training Course Description

This CAP Certification Training course is designed for the information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance while meeting legal and regulatory requirements. The CAP Certification Training course conceptually mirrors the National Institute of Standards and Technology (NIST) system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III.

Gain the skills needed to categorize information systems, and to select, implement, assess, authorize, and continuously monitor (near-real-time risk management) security controls for those systems in a way that meets federal mandates on requirements and process guidelines.

The course also covers background on how the federal RMF was developed, the expectations set by Congress and OMB, and the manner in which the RMF integrates with other information and business processes.

Duration: 3 days

Customize It:

» If you are familiar with some aspects of CAP Certification Training, we can omit or shorten their discussion.
» We can adjust the emphasis placed on the various topics or build the CAP Certification Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
» If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the CAP Certification Training course in a manner understandable to lay audiences.

Audience / Target Group:

The target audience for this CAP Certification Training course includes practitioners in the following areas, with the experience listed:

» IT security
» Information assurance
» Information risk management
» Certification
» Systems administration
» One to two years of general technical experience
» Two years of general systems experience
» One to two years of database/systems development/network experience
» Information security policy
» Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
» Strong familiarity with NIST documentation
» Anyone pursuing a CAP certification

Prerequisites:

The knowledge and skills that a learner must have before attending this CAP Certification Training course are:

» Required: One to two years of database/systems development/network experience
» Required: Strong familiarity with NIST documentation
» Required: Systems administration
» Required: Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms

Objectives:

After completing this CAP Certification Training course, attendees will be able to:

» Understand and conduct the security authorization of information systems
» Categorize different information systems
» Establish the security control baseline
» Apply different security controls
» Assess security controls
» Authorize information systems
» Monitor security controls

CAP Certification Training – Course Syllabus:

Domain 1 : Describe the Risk Management Framework (RMF)

Domain Introduction
Domain Terminology and References
Historical and Current Perspective of Authorization
Introducing the Example Systems
Introduction to the RMF
The RMF Roles and Responsibilities
The RMF Relationship to Other Processes
Example System Considerations
End of Domain Review and Questions

Domain 2 (RMF Step 1) : Categorization of Information Systems

Domain Introduction
Domain Terminology and References
RMF Step 1: Roles and Responsibilities
Preparing to Categorize an Information System
Categorize the Information System
Categorizing the Example Systems
Describe the Information System and Authorization Boundary
Register the Information System
RMF Step 1: Milestones, Key Activities, and Dependencies
End of Domain Review and Questions

Domain 3 (RMF Step 2) : Selection of Security Controls

Domain Introduction
Domain Terminology and References
RMF Step 2: Roles and Responsibilities
Understanding FIPS 200
Introducing SP 800-53
The Fundamentals
The Process
Appendix D – Security Control Baselines
Appendix E – Assurance and Trustworthiness
Appendix F – Security Control Catalog
Appendix G – Information Security Programs
Appendix H – International Information Security Standards
Appendix I – Overlay Template
Appendix J – Privacy Control Catalog
Identify and Document Common (Inherited) Controls
System Specific Security Controls
Continuous Monitoring Strategy
Review and Approve Security Plan
RMF Step 2: Milestone Checkpoint
Example Information Systems
End of Domain Review and Questions

Domain 4 (RMF Step 3) : Security Control Implementation

Domain Introduction
Domain Terminology and References
RMF Step 3: Roles and Responsibilities
Implement Selected Security Controls
Contingency Planning
Configuration, Patch and Vulnerability Management
Firewalls and Firewall Policy Controls
Interconnecting Information Technology Systems
Computer Security Incident Handling
Security Awareness and Training
Security Considerations in the SDLC
Malware Incident Prevention and Handling
Computer Security Log Management
Protecting the Confidentiality of Personally Identifiable Information (PII)
Continuous Monitoring
Security Control Implementation
Document Security Control Implementation
RMF Step 3: Milestone Checkpoint
End of Domain Review and Questions

Domain 5 (RMF Step 4) : Security Control Assessment

Domain Introduction
Domain Terminology and References
RMF Step 4: Roles and Responsibilities
Understanding SP 800-115
Understanding SP 800-53A
Prepare for Security Control Assessment
Develop Security Control Assessment Plan
Assess Security Control Effectiveness
Develop Initial Security Assessment Report (SAR)
Review Interim SAR and Perform Initial Remediation Actions
Develop Final SAR and Optional Addendums
RMF Step 4: Milestone Checkpoint
End of Domain Review and Questions

Domain 6 (RMF Step 5) : Information System Authorization

Domain Introduction
Domain Terminology and References
RMF Step 5: Roles and Responsibilities
Develop Plan of Action and Milestones (POA&M)
Assemble Security Authorization Package
Determine Risk
Determine the Acceptability of Risk
Obtain Security Authorization Decision
RMF Step 5: Milestone Checkpoint
End of Domain Review and Questions

Domain 7 (RMF Step 6) : Monitoring of Security Controls

Domain Introduction
Domain Terminology and References
RMF Step 6: Roles and Responsibilities
Understanding SP 800-137
Determine Security Impact of Changes to System and Environment
Perform Ongoing Security Control Assessment
Conduct Ongoing Remediation Actions
Update Key Documentation
Perform Periodic Security Status Reporting
Perform Ongoing Determination and Acceptance
Decommission and Remove System
RMF Step 6: Milestone Checkpoint
End of Domain Review and Questions

Whether you are looking for general information or have a specific question about CAP Certification Training, we want to help!
