Class Is Recorded with Unlimited Access for 90-Days
We Coach Until You Pass
100 % Exam Pass Guarantee
12-Additional Hours of Exam Review at No Charge
Overview
Federal Risk Management Framework (RMF) 2.0 Implementation with CAP Exam Review focuses on the Risk Management Framework prescribed by NIST Standards. This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam. This course covers 100% of the CAP exam requirements.
This course is current as of March 2019. It was revised due to NIST producing new and updated publications over the preceding two years, including SP 800-37, rev. 2; SP-800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 among others. It was also revised to incorporate ISC2’s update to the CAP Exam criteria and domain content in October 2018.
The course comes with a disk of reference materials including sample documents, NIST publications, and regulatory documents. Downloadable ancillary materials include a study guide and a References and Policies handout. Instructors will also be given access to a sample CAP exam with answer key.
Benefits
-
- All trainers are experienced DIACAP, NIST, RMF, and other policy guidance experts
- Intensive and Authorized Virtual-Live Training (online live sessions)
- Certificate of Completion automatically sent at the end of the class
- YOUR live class is recorded and turned into eLearning with 3-months access via student portal
- Message your trainer in-platform for 6-weeks
- Post class assessment
Curriculum
Chapter 1: Introduction
RMF overview
Key concepts including assurance, assessment, authorization
Security controls
Chapter 2: Cybersecurity Policy Regulations & Framework
Security laws, policy, and regulations
System Development Life Cycle (SLDC)
Documents for cyber security guidance
Chapter 3: RMF Roles and Responsibilities
Tasks and responsibilities for RMF roles
Chapter 4: Risk Analysis Process
Overview of risk management
Four-step risk management process
Tasks breakdown
Risk assessment reporting and options
Chapter 5: Step 1: Categorize
Step key references and overview
Sample SSP
Task 1-1: Security Categorization
Task 1-2: Information System Description
Task 1-3: Information System Registration
Lab: The Security Awareness Agency
Chapter 6: Step 2: Select
Step key references and overview
Task 2-1: Common Control Identification
Task 2-2: Select Security Controls
Task 2-3: Monitoring Strategy
Task 2-4: Security Plan Approval
Lab: Select Security Controls
Chapter 7: Step 3: Implement
Step key references and overview
Task 3-1: Security Control Implementation
Task 3.2: Security Control Documentation
Lab: Security Control Implementation
Chapter 8: Step 4: Assess
Step key references and overview
Task 4-1: Assessment Preparation
Task 4-2: Security Control Assessment
Task 4-3: Security Assessment Report
Task 4-4: Remediation Actions
Task 4-5: Final Assessment Report
Lab: Assessment Preparation
Chapter 9: Step 5: Authorize
Step key references and overview
Task 5-1: Plan of Action and Milestones
Task 5-2: Security Authorization Package
Task 5-3: Risk Determination
Task 5-4: Risk Acceptance
Lab Step 5: Authorizing Information Systems
Chapter 10: Step 6: Monitor
Step key references and overview
Task 6-1: Information System & Environment Changes
Task 6-2: Ongoing Security Control Assessments
Task 6-3: Ongoing Remediation Actions
Task 6-4: Key Updates
Task 6-5: Security Status Reporting
Task 6-6: Ongoing Risk Determination & Acceptance
Task 6-7: Information System Removal & Decommissioning
Continuous Monitoring
Security Automation Domains
Lab: Info System & Environment Changes
Appendix
Appendix A: Supplement Reference
Appendix B: RMF/CAP Review and Step Checklists
Appendix C: Acronym Reference
Appendix D: Answer Keys
Answers to Review Questions
Lab Exercise Answers