Federal Risk Management Framework (RMF) Implementation 4.0 and CAP Exam Prep
CLASS DATE(s):
6/29/2020 - 7/1/2020
8/3/2020 - 8/5/2020

COURSE LENGTH: 3 Days

COURSE COST: $1794.00

COURSE TIMES: 9:00am - 4:30pm

Printable version of this course
print
Register for this course
register

COURSE OVERVIEW

Federal Risk Management Framework (RMF) Implementation 4.0 focuses on the Risk Management Framework prescribed by NIST Standards.

This courseware covers all objectives for the ISC2 Certified Authorization Professional (CAP) certification exam and can also be used to prepare students to take the exam. CAP exam topics are called out on the title page of each chapter.

The 4.0 edition of the course is current as of August 2017. This edition incorporates the revisions to NIST Special Publications (SP 800-160, 800-171, 800-53, etc.), the development and publication of the CNSSI-1253, change 2 and CNSSI-1254 for the IC, additional NIST Special Publications produced to support RMF steps and activities, and the passage of FISMA 2014, as well as practical experience as SCA and ISSE for over 10 ATO efforts under RMF over the past several years.

AUDIENCE AND PREREQUISITES

  

Course Cost doesn't include courseware cost $ 120. This cours is subject to a minimun enrollment to run. If the minimum enrollment is not met this couse may run as a virtual live instructor led course. For more information, please email: learn@vtec.org or call 207-775-0244.

COURSE TOPICS:


Introduction
Introductions
About the CAP exam
Table of Contents

Chapter 1: Introduction
RMF overview
Key concepts including assurance, assessment, authorization
Security controls

Chapter 2: Cybersecurity Policy Regulations and Framework
Security laws, policy, and regulations
Documents for cyber security guidance
Assessment and Authorization transformation goals

Chapter 4: Risk Analysis Process
Four-step risk management process
Impact level
Level of risk
Effective risk management options

Chapter 5: Step 1: Categorize
Step 1 key references
Sample SSP
Task 1-1: Security Categorization
Task 1-2: Information System Description
Task 1-3: Information System Registration
Lab Step 1: Categorize

Chapter 6: Step 2: Select
Step 2 key references
Task 2-1: Common Control Identification
Task 2-2: Select Security Controls
Task 2-3: Monitoring Strategy
Task 2-4: Security Plan Approval
Lab Step 2: Select Security Controls

Chapter 7: Step 3: Implement
Step 3 key references
Task 3-1: Security Control Implementation
Task 3.2: Security Control Documentation
Lab Step 3: Implement Security Controls

Chapter 8: Step 4: Assess
Step 4 key references
Task 4-1: Assessment Preparation
Task 4-2: Security Control Assessment
Task 4-3: Security Assessment Report
Task 4-4: Remediation Actions
Lab Step 4: Assessment Preparation

Chapter 9: Step 5: Authorize
Step 5 key references
Task 5-1: Plan of Action and Milestones
Task 5-2: Security Authorization Package
Task 5-3: Risk Determination
Task 5-4: Risk Acceptance
Lab Step 5: Authorizing Information Systems

Chapter 10: Step 6: Monitor
Step 6 key references
Task 6-1: Information System and Environment Changes
Task 6-2: Ongoing Security Control Assessments
Task 6-3: Ongoing Remediation Actions
Task 6-4: Key Updates
Task 6-5: Security Status Reporting
Task 6-6: Ongoing Risk Determination and Acceptance
Task 6-7: Information System Removal and Decommissioning
Continuous Monitoring
Security Automation Domains
Lab Step 6: Monitoring Security Controls