Navigation

CISSP
CAP
Security Awareness
Assessment and Authorization (Certification and Accreditation (C&A))
Risk Management Framework (RMF)
DIACAP to NIST 800-37 Revision 1
ICD 503
MS Office

CAP Course

This CAP Course trains and prepares individuals for the CAP examination through extensive lectures and drill sessions, reviews of all CAP Domains of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach. The CAP Course consists of 6 classes over the course of 6 weeks. Each session lasts 3 hours.

The CAP Course is designed for professionals that may not be able to take time off from work to complete a CAP Course. It is offered evening sessions.

The ideal candidate should have experience, knowledge or skills in any of the following:

  • IT Security
  • Information Assurance
  • Information Risk Management
  • Certification
  • Systems Administration
  • 1-2 years of general systems technical experience
  • 2 years of database/systems development /network experience
  • Information Security Policy
  • Technical or auditing experience with government, the U.S. Department of Defense, the financial or health care industries, and /or auditing firms
  • Strong familiarity with NIST documentation

This CAP Course will assist the student in:

  • Understanding the purpose of Certification and Accreditation
  • Defining Systems Authorization
  • Describing and decide when Systems Authorization employed
  • Defining roles and responsibilities
  • Understanding the legal and regulatory requirements for C&A
  • Initiating the C&A process
  • Establishing Accreditation Boundaries
  • Determining Security Categorization
  • Performing initial Risk Assessment
  • Selecting and Refining Security Controls
  • Documenting Security Control
  • Performing Certification Phase
  • Assessing Security Control
  • Documenting Results
  • Understanding Accreditation Phase
  • Conducting final Risk Assessment
  • Generating and Presenting an Accreditation Report
  • Performing Continuous Monitoring
  • Monitoring Security Controls
  • Monitoring and Assessing changes that effect the Information System
  • Performing Security Impact Assessment as needed
  • Documenting and Monitoring results of Impact Assessment
  • Reentering C&A process as needed
  • Maintaining System's Documentation (e.g. Interconnection Agreements)