The Certified Authorization Professional (CAP) course is designed for the information security practitioner who champions system security commensurate with an organization's mission and risk tolerance, while meeting legal and regulatory requirements. The CAP certification course conceptually mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III. This 3-day program comprises seven domains. The modular format organizes the information into manageable chunks to aid learning retention as participants are guided through the CAP course materials.
Learning Objectives
- Provide the learner with the background information related to how the federal Risk Management Framework (RMF) was developed, the expectations set by Congress and OMB, as well as the manner in which the RMF integrates with other information and business processes
- Provide the learner with the specific requirements and processes required to appropriately categorize an information system, including the federal mandates, requisite inputs, tasks, and related processes
- Provide the learner with the specific requirements and processes required to appropriately select security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
- Provide the learner with the specific requirements and processes required to implement security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
- Provide the learner with the specific requirements and processes required to appropriately assess the security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
- Provide the learner with the specific requirements and processes required to appropriately authorize an information system, including the federal mandates, requisite inputs, tasks, and related processes
- Provide the learner with the specific requirements and processes required to conduct continuous monitoring of an information system, including the federal mandates, requisite inputs, tasks, and related processes. This includes the two primary objectives of near real-time risk management and ongoing security authorization
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Cybersecurity Management
- Program/Project Management and Acquisition
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.