Course Code: 19215

Certified Authorization Professional (CAP)

Duration:
5 Days
Delivery Format:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
    The Certified Authorization Professional (CAP) training provides professionals with the knowledge and skills needed to authorize and maintain information systems. The certification is significant for those responsible for establishing information security requirements and documentation and for formalizing the risk assessment process for an information system. A CAP-certified individual ensures the right level of security for information assets that are exposed to potential risk and damage.

    The CAP credential is meant for commercial markets and for local and civilian government. It is also recognized by the U.S. Federal government, including the Department of Defense (DoD), under the DoD 8570 Information Assurance Management (IAM) category. This course is ideal for authorizing officials, information security professionals, information owners and senior system managers.

  • Audience (Who Should Attend)
    The CAP is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:

    The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD)
    The military
    Civilian roles, such as federal contractors
    Local governments
    Private sector organizations


  • Prerequisites
    To qualify for the CAP certification, you must have a minimum of two years of cumulative, paid, full-time work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK).

    To maintain the certification, you must:
    Earn and post a minimum of 20 (ISC)2 CPE credits per year
    Comply with the (ISC)2 Code of Professional Ethics

Course Details

  • Chapter 1: RMF-CAP regulations, roles, and responsibilities
  • Module A: Introduction to RMF-CAP
  • Module B: Cybersecurity policy regulations and framework
  • Module C: RMF-CAP roles and responsibilities
  • Chapter 2: Risk analysis
  • Module A: Risk management
  • Module B: Risk assessment and the RMF process
  • Chapter 3: The RMF-CAP process
  • Module A: CAP Domain 1—Prepare
  • Module B: CAP Domain 2—Categorize
  • Lab: RMF Step 1–CAP Domain 2
  • Module C: CAP Domain 3—Select
  • Lab: RMF Step 2–CAP Domain 3
  • Module D: CAP Domain 4—Implement
  • Lab: RMF Step 3–CAP Domain 4
  • Module E: CAP Domain 5—Assess Controls
  • Lab: RMF Step 4–CAP Domain 5
  • Module F: CAP Domain 6—Authorize
  • Module G: CAP Domain 7—Monitor Security Controls
  • Lab: RMF Step 6–CAP Domain 7
  • What you will learn
  • Understanding the purpose of information systems security authorization
  • Defining systems authorization
  • Describing and deciding when systems authorization is employed
  • Defining roles and responsibilities
  • Understanding the legal and regulatory requirements for A&A
  • Initiating the authorization process
  • Establishing authorization boundaries
  • Determining security categorization
  • Performing initial risk assessment
  • Selecting and refining security controls
  • Documenting security controls
  • Performing certification phase
  • Assessing security controls
  • Documenting results
  • Conducting final risk assessment
  • Generating and presenting an authorization report
  • Performing continuous monitoring
  • Monitoring security controls
  • Monitoring and assessing changes that affect the information system
  • Performing security impact assessment as needed
  • Documenting and monitoring results of impact assessments
  • Maintaining system documentation (e.g., POA&M, SSP, interconnection agreements)