Course Code: 5698

Federal Risk Management Framework (RMF) Implementation 4.0 and CAP Exam Prep

Class Dates:
2/25/2019
Length:
4 Days
Cost:
$1995.00
Class Time:
Technology:
business
Delivery:

Overview

  • Course Overview
  • Federal Risk Management Framework (RMF) Implementation 4.0 focuses on the Risk Management Framework prescribed by NIST Standards.

    This courseware covers all objectives for the ISC2 Certified Authorization Professional (CAP) certification exam and can also be used to prepare students to take the exam. CAP exam topics are called out on the title page of each chapter.

    The 4.0 edition of the course is current as of August 2017. This edition incorporates the revisions to NIST Special Publications (SP 800-160, 800-171, 800-53, etc.), the development and publication of the CNSSI-1253, change 2 and CNSSI-1254 for the IC, additional NIST Special Publications produced to support RMF steps and activities, and the passage of FISMA 2014, as well as practical experience as SCA and ISSE for over 10 ATO efforts under RMF over the past several years.

  • Audience

Prerequisites

  • Recommended Courses:

Course Details

  • Introduction
  • Introductions
  • About the CAP exam
  • Table of Contents
  • Chapter 1: Introduction
  • RMF overview
  • Key concepts including assurance, assessment, authorization
  • Security controls
  • Chapter 2: Cybersecurity Policy Regulations and Framework
  • Security laws, policy, and regulations
  • Documents for cyber security guidance
  • Assessment and Authorization transformation goals
  • Chapter 4: Risk Analysis Process
  • Four-step risk management process
  • Impact level
  • Level of risk
  • Effective risk management options
  • Chapter 5: Step 1: Categorize
  • Step 1 key references
  • Sample SSP
  • Task 1-1: Security Categorization
  • Task 1-2: Information System Description
  • Task 1-3: Information System Registration
  • Lab Step 1: Categorize
  • Chapter 6: Step 2: Select
  • Step 2 key references
  • Task 2-1: Common Control Identification
  • Task 2-2: Select Security Controls
  • Task 2-3: Monitoring Strategy
  • Task 2-4: Security Plan Approval
  • Lab Step 2: Select Security Controls
  • Chapter 7: Step 3: Implement
  • Step 3 key references
  • Task 3-1: Security Control Implementation
  • Task 3.2: Security Control Documentation
  • Lab Step 3: Implement Security Controls
  • Chapter 8: Step 4: Assess
  • Step 4 key references
  • Task 4-1: Assessment Preparation
  • Task 4-2: Security Control Assessment
  • Task 4-3: Security Assessment Report
  • Task 4-4: Remediation Actions
  • Lab Step 4: Assessment Preparation
  • Chapter 9: Step 5: Authorize
  • Step 5 key references
  • Task 5-1: Plan of Action and Milestones
  • Task 5-2: Security Authorization Package
  • Task 5-3: Risk Determination
  • Task 5-4: Risk Acceptance
  • Lab Step 5: Authorizing Information Systems
  • Chapter 10: Step 6: Monitor
  • Step 6 key references
  • Task 6-1: Information System and Environment Changes
  • Task 6-2: Ongoing Security Control Assessments
  • Task 6-3: Ongoing Remediation Actions
  • Task 6-4: Key Updates
  • Task 6-5: Security Status Reporting
  • Task 6-6: Ongoing Risk Determination and Acceptance
  • Task 6-7: Information System Removal and Decommissioning
  • Continuous Monitoring
  • Security Automation Domains
  • Lab Step 6: Monitoring Security Controls