CAP Certification Course

CAP Certification Course Description

Duration: 3.00 days (24 hours)

This course is designed for the information security practitioner who champions system security commensurate with an organization's mission and risk tolerance while meeting legal and regulatory requirements. The Certified Authorization Professional (CAP) certification course conceptually mirrors the National Institute of Standards and Technology (NIST) system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III.

Gain the skills needed to categorize, implement, authorize, assess, continuously monitor (real-time risk management), and select security controls for information systems that meet federal mandates on requirements and process guidelines.

The course also covers background information on how the federal RMF was developed, the expectations set by Congress and OMB, and the manner in which the RMF integrates with other information and business processes.

Next Class Dates

May 31, 2017 – Jun 2, 2017
9:00 AM – 5:00 PM ET

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Intended Audience for this CAP Certification Course

  • Individuals who have at least one full year of experience using the federal RMF or comparable experience gained from the ongoing management of information system authorizations such as ISO 27001
  • IT security
  • Information assurance
  • Information risk management
  • Certification
  • Systems administration
  • One to two years of general technical experience
  • Two years of general systems experience
  • One to two years of database/systems development/network experience
  • Information security policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation
  • Anyone pursuing a CAP certification

Course Prerequisites for CAP Certification Course

  • One to two years of database/systems development/network experience
  • Strong familiarity with NIST documentation
  • Systems administration
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms

CAP Certification Course Objectives

  • Understanding and conducting the security authorization of information systems
  • Categorizing different information systems
  • Establishing the baseline for security control
  • Applying different security controls
  • Assessing security controls
  • Authorizing information systems
  • Monitoring security controls

CAP Certification Course Outline

      1. RMF Step 1: Describe the Risk Management Framework (RMF)
        1. Domain Introduction
        2. Domain Terminology and References
        3. Historical and Current Perspective of Authorization
        4. Introducing the Example Systems
        5. Introduction to the RMF
        6. The RMF Roles and Responsibilities
        7. The RMF Relationship to Other Processes
        8. Example System Considerations
        9. End of Domain Review and Questions
      2. RMF Step 2: Categorization of Information Systems
        1. Domain Introduction
        2. Domain Terminology and References
        3. RMF Step 1: Roles and Responsibilities
        4. Preparing to Categorize an Information System
        5. Categorize the Information System
        6. Categorizing the Example System
        7. Describe the Information System and Authorization Boundary
        8. Register the Information System
        9. RMF Step 1: Milestones, Key Activities, and Dependencies
        10. End of Domain Review and Questions
      3. RMF Step 3: Selection of Security Controls
        1. Domain Introduction
        2. Domain Terminology and References
        3. RMF Step 2: Roles and Responsibilities
        4. Understanding FIPS 200
        5. Introducing SP 800-53
        6. The Fundamentals
        7. The Process
        8. Appendix D - Security Control Baselines
        9. Appendix E - Assurance and Trustworthiness
        10. Appendix F - Security Control Catalog
        11. Appendix G - Information Security Programs
        12. Appendix H - International Information Security Standards
        13. Appendix I - Overlay Template
        14. Appendix J - Privacy Control Catalog
        15. Identify and Document Common (Inherited) Controls
        16. System Specific Security Controls
        17. Continuous Monitoring Strategy
        18. Review and Approve Security Plan
        19. RMF Step 2: Milestone Checkpoint
        20. Example Information Systems
        21. End of Domain Review and Questions
      4. RMF Step 4: Security Controls Implementation
        1. Domain Introduction
        2. Domain Terminology and References
        3. RMF Step 3: Roles and Responsibilities
        4. Implement Selected Security Controls
        5. Contingency Planning
        6. Configuration, Patch and Vulnerability Management
        7. Firewalls and Firewall Policy Controls
        8. Interconnecting Information Technology Systems
        9. Computer Security Incident Handling
        10. Security Awareness and Training
        11. Security Considerations in the SDLC
        12. Malware Incident Prevention and Handling
        13. Computer Security Log Management
        14. Protecting Confidentiality of Personally Identifiable Information
        15. Continuous Monitoring
        16. Security Control Implementation
        17. Document Security Control Implementation
        18. RMF Step 3: Milestone Checkpoint
        19. End of Domain Review and Questions
      5. RMF Step 5: Security Control Assessment
        1. Domain Introduction
        2. Domain Terminology and References
        3. RMF Step 4: Roles and Responsibilities
        4. Understanding SP 800-115
        5. Understanding SP 800-53A
        6. Prepare for Security Control Assessment
        7. Develop Security Control Assessment Plan
        8. Assess Security Control Effectiveness
        9. Develop Initial Security Assessment Report (SAR)
        10. Review Interim SAR and Perform Initial Remediation Actions
        11. Develop Final SAR and Optional Addendums
        12. RMF Step 4 Milestone Checkpoint
        13. End of Domain Review and Questions
      6. RMF Step 6: Information System Authorization
        1. Domain Introduction
        2. Domain Terminology and References
        3. RMF Step 5: Roles and Responsibilities
        4. Develop Plan of Action and Milestones (POAM)
        5. Assemble Security Authorization Package
        6. Determine Risk
        7. Determine the Acceptability of Risk
        8. Obtain Security Authorization Decision
        9. RMF Step 5: Milestone Checkpoint
        10. End of Domain Review and Questions
      7. RMF Step 7: Monitoring of Security Controls
        1. Introduction
        2. Domain Terminology and References
        3. RMF Step 6: Roles and Responsibilities
        4. Understanding SP 800-137
        5. Determine Security Impact of Changes to System and Environment
        6. Perform Ongoing Security Control Assessment
        7. Conduct Ongoing Remediation Actions
        8. Update Key Documentation
        9. Perform Periodic Security Status Reporting
        10. Perform Ongoing Determination and Acceptance
        11. Decommission and Remove System
        12. RMF Step 6: Milestone Checkpoint
        13. End of Domain Review and Questions

This training prepares students for the following exam(s):

  • CAP Examination: CAP: Certification and Accreditation Professional

Do you have the right background for CAP Certification Course?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Award winning, world-class Instructors

Donald H.
- Academic and corporate trainer with over 2000 hours of instruction delivered on security awareness, CISSP, Security+, Safety, core Microsoft courses, MS Exchange and MS ISA server.
- Conducted over 200 security reviews in support of financial audits, policy reviews and network vulnerability assessments.
- Bachelor's degree in Security Management with a concentration in Information Security from American Military University, along with CISSP, CAP and several CompTIA, Microsoft and ISACA certifications.

Bio:

Donald is a security professional with a wide range of experience from physical security to a concentration in information security. He is the Information Systems & Security Director for a consulting firm. His clients include local municipalities, non-profits, corporations and federal government agencies, specializing in a wide array of compliance programs and security assessments such as PCI DSS, FISMA, COBIT and ISO17799.

Donald is also a trainer and speaker on security topics and has served on various advisory committees and as a subject matter expert in information technology and security. He has over 15 years of experience in the security field as well as more than 2000 hours of instruction delivered on security awareness, CISSP, Security+, Safety, core Microsoft courses and MS ISA server. In addition, Donald is the President and Chairman for the Brentwood Veterans Memorial Building and Commandant for the Delta Diablo Det. 1155 Marine Corps League.

Jayson F.
- Over 32 years of experience as well as 18 certifications, including Cisco, CompTIA, and Microsoft.
- Strong background, with web development & design of infrastructure for companies such as AT&T, Sports Illustrated, and Toys R Us.
- Specialist in finding solutions to problems and applying process to solve them, in addition to training people in the skills to manage the process and meet goals.

Bio:

Jayson is a talented and valued Microsoft Certified Trainer (MCT) with over 32 years of IT experience. Along with web development & design of infrastructure for companies such as AT&T, Sports Illustrated, and Toys R Us, he holds several IT certifications. He is a CCDA, CCNA, Security+ certified, MCDBA, and MCSE to name a few.

Jayson's focus is on finding solutions to problems and applying process to solve them. He instructs professionals in the skills to manage the process and meet goals, which makes him a respected trainer at NetCom Learning.

Larry G.
- More than 14 years of experience as a Security Subject Matter Expert as well as a black belt in a variety of martial arts.
- Numerous Challenge Coins from the US Government including the US Army, and the Criminal Investigation Command.
- Much acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.

Bio:

Larry is a unique instructor and IT security expert. If you sit in one of his classes you might get the feeling of being in a martial arts class. That's exactly how Larry wants it! "The principles behind IT security are the same as those in a variety of martial arts," Larry says. In addition to teaching IT security for over 14 years, he has practiced martial arts since he was 13 years old and holds black belts in multiple disciplines including Tai Chi, Kung Fu, and Kick Boxing. "All of these techniques are like tools for different types of attacks," Larry explains.

Larry's excellence in certification training and passion for IT security has earned him numerous Challenge Coins from the US Government including the US Army, and the Criminal Investigation Command. He is also a much acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.

John H.
- Owner of ELearning Development company that focuses on design, security education services and development.
- Globally recognized instructor of engineers and executives from the private sector, civilian government, and DoD.
- Consultant experience focusing on security architecture, instructional design, curriculum development, and training delivery.

Bio:

Hackmeyer has a bachelor's and master's degree from Florida State University. "Hack", as he likes to be called, is currently the owner of the security education services company CyberCrocodile. For nearly 6 years, CyberCrocodile has focused on delivering live instructional courses focused on CISSP, Security+ and customized vendor-specific security solutions.

Prior to forming CyberCrocodile, Hack spent nearly a decade as a security systems engineer for companies such as Intermedia Communications, Riptech, Symantec, and Websense. John has experience in architecting security solutions for government agencies, DoD and global Fortune 500 companies.

Mr. Hackmeyer is also the creator of the popular and effective educational methodology Conceptual Linking.

Recent Client Testimonials & Reviews

I would recommend the NetCom because the instructor, Donald Hester, did a great job of covering the necessary materials. He has great insight into the certification and accreditation process and was able to provide great real-world examples of the concepts.
I thought the course was great. It was great that we could have the course onsite and the instructor did a great job.
- Mark S.
Course(s) Taken

» CAP Certification Course

The class went very well. Don was very thorough and covered all the material.
- David A.
Course(s) Taken

» CAP Certification Course

The class was great and Don is ALWAYS a fantastic and knowledgeable instructor!
- Cheryl Ann S.
Course(s) Taken

» CAP Certification Course

Trademark Notice

CAP and (ISC)² are registered marks of the International Information Systems Security Certification Consortium, Inc. Certified Authorization Professional (CAP) and the material presented are not affiliated with or endorsed by (ISC)².