  • Classroom
  • Online, Instructor-Led
Course Description

The Certified Authorization Professional (CAP) course is designed for the information security practitioner who champions system security commensurate with an organization's mission and risk tolerance, while meeting legal and regulatory requirements. The CAP certification course conceptually mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III. This 3-day program comprises seven domains. The modular format organizes the information into chunks to aid learning retention as participants are guided through the CAP course materials.

Learning Objectives

  • Provide the learner with the background information related to how the federal Risk Management Framework (RMF) was developed, the expectations set by Congress and OMB, as well as the manner in which the RMF integrates with other information and business processes
  • Provide the learner with the specific requirements and processes required to appropriately categorize an information system, including the federal mandates, requisite inputs, tasks, and related processes
  • Provide the learner with the specific requirements and processes required to appropriately select security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
  • Provide the learner with the specific requirements and processes required to implement security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
  • Provide the learner with the specific requirements and processes required to appropriately assess the security controls for an information system, including the federal mandates, requisite inputs, tasks, and related processes
  • Provide the learner with the specific requirements and processes required to appropriately authorize an information system, including the federal mandates, requisite inputs, tasks, and related processes
  • Provide the learner with the specific requirements and processes required to conduct continuous monitoring of an information system, including the federal mandates, requisite inputs, tasks, and related processes. This includes the two primary objectives of near real-time risk management and ongoing security authorization

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management
  • Cybersecurity Management
  • Program/Project Management and Acquisition

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.