Federal Risk Management Framework (RMF) 2.0 Implementation and CAP Review

  • Vendor: RMF
  • Class: 5 Days
  • Voucher: None
  • Certification: CAP
  • Exam Method: PearsonVUE
  • 4 Days
  • Virtual - Live

Class Is Recorded with Unlimited Access for 90-Days

We Coach Until You Pass

100 % Exam Pass Guarantee

12-Additional Hours of Exam Review at No Charge


Federal Risk Management Framework (RMF) 2.0 Implementation with CAP Exam Review focuses on the Risk Management Framework prescribed by NIST Standards. This course can also be used to aid in preparation for the ISC2 Certified Authorization Professional (CAP) exam. This course covers 100% of the CAP exam requirements.
This course is current as of March 2019. It was revised due to NIST producing new and updated publications over the preceding two years, including SP 800-37, rev. 2; SP-800-53, rev. 5; SP 800-160, V1 and V2; and SP 800-171, rev. 1 among others. It was also revised to incorporate ISC2’s update to the CAP Exam criteria and domain content in October 2018.
The course comes with a disk of reference materials including sample documents, NIST publications, and regulatory documents. Downloadable ancillary materials include a study guide and a References and Policies handout. Instructors will also be given access to a sample CAP exam with answer key.


    1. All trainers are experienced DIACAP, NIST, RMF, and other policy guidance experts
    2. Intensive and Authorized Virtual-Live Training (online live sessions)
    3. Certificate of Completion automatically sent at the end of the class
    4. YOUR live class is recorded and turned into eLearning with 3-months access via student portal
    5. Message your trainer in-platform for 6-weeks
    6. Post class assessment


Chapter 1: Introduction

RMF overview

Key concepts including assurance, assessment, authorization

Security controls

Chapter 2: Cybersecurity Policy Regulations & Framework

Security laws, policy, and regulations

System Development Life Cycle (SLDC)

Documents for cyber security guidance

Chapter 3: RMF Roles and Responsibilities

Tasks and responsibilities for RMF roles

Chapter 4: Risk Analysis Process

Overview of risk management

Four-step risk management process

Tasks breakdown

Risk assessment reporting and options

Chapter 5: Step 1: Categorize

Step key references and overview

Sample SSP

Task 1-1: Security Categorization

Task 1-2: Information System Description

Task 1-3: Information System Registration

Lab: The Security Awareness Agency

Chapter 6: Step 2: Select

Step key references and overview

Task 2-1: Common Control Identification

Task 2-2: Select Security Controls

Task 2-3: Monitoring Strategy

Task 2-4: Security Plan Approval

Lab: Select Security Controls

Chapter 7: Step 3: Implement

Step key references and overview

Task 3-1: Security Control Implementation

Task 3.2: Security Control Documentation

Lab: Security Control Implementation

Chapter 8: Step 4: Assess

Step key references and overview

Task 4-1: Assessment Preparation

Task 4-2: Security Control Assessment

Task 4-3: Security Assessment Report

Task 4-4: Remediation Actions

Task 4-5: Final Assessment Report

Lab: Assessment Preparation

Chapter 9: Step 5: Authorize

Step key references and overview

Task 5-1: Plan of Action and Milestones

Task 5-2: Security Authorization Package

Task 5-3: Risk Determination

Task 5-4: Risk Acceptance

Lab Step 5: Authorizing Information Systems

Chapter 10: Step 6: Monitor

Step key references and overview

Task 6-1: Information System & Environment Changes

Task 6-2: Ongoing Security Control Assessments

Task 6-3: Ongoing Remediation Actions

Task 6-4: Key Updates

Task 6-5: Security Status Reporting

Task 6-6: Ongoing Risk Determination & Acceptance

Task 6-7: Information System Removal & Decommissioning

Continuous Monitoring

Security Automation Domains

Lab: Info System & Environment Changes


Appendix A: Supplement Reference

Appendix B: RMF/CAP Review and Step Checklists

Appendix C: Acronym Reference

Appendix D: Answer Keys

Answers to Review Questions

Lab Exercise Answers

Upcoming Public Training

Upcoming Classes

Do not sell my info