CAP Boot Camp
This CAP Boot Camp prepares individuals for the CAP examination through extensive lecture and drill sessions, reviews of all CAP Domains of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach. The CAP Boot Camp is designed and offered for the busy professional who may not be able to take time off from work to complete a CAP Boot Camp. It is offered weekends and weekdays.
This course is intended for students with certification and accreditation experience or knowledge of the NIST SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems. The ideal candidate should have experience, knowledge or skills in any of the following:
- IT Security
- Information Assurance
- Information Risk Management
- Certification
- Systems Administration
- 1-2 years of general systems technical experience
- 2 years of database/systems development/network experience
- Information Security Policy
- Technical or auditing experience with government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
- Strong familiarity with NIST documentation
This CAP Boot Camp will assist the student in:
- Understanding the purpose of Certification and Accreditation
- Defining Systems Authorization
- Describing and deciding when Systems Authorization is employed
- Defining roles and responsibilities
- Understanding the legal and regulatory requirements for C&A
- Initiating the C&A process
- Establishing Accreditation Boundaries
- Determining Security Categorization
- Performing initial Risk Assessment
- Selecting and Refining Security Controls
- Documenting Security Controls
- Performing Certification Phase
- Assessing Security Controls
- Documenting Results
- Understanding Accreditation Phase
- Conducting final Risk Assessment
- Generating and Presenting an Accreditation Report
- Performing Continuous Monitoring
- Monitoring Security Controls
- Monitoring and Assessing changes that affect the Information System
- Performing Security Impact Assessment as needed
- Documenting and Monitoring results of Impact Assessment
- Reentering C&A process as needed
- Maintaining System's Documentation (e.g. Interconnection Agreements)