

4 Days

Certified Instructor

Course Description

Course Overview

The Certified Authorization Professional (CAP) course is designed to equip individuals with the knowledge and skills necessary to effectively manage the authorization process within an organization’s information system. This course covers various aspects of the Risk Management Framework (RMF) and the Authorization Process, including security categorization, security control selection and implementation, security assessment, system documentation, and continuous monitoring. The CAP certification validates the expertise of professionals in implementing and managing the authorization process for information systems.


To enroll in the CAP course, individuals should have a minimum of two years of cumulative paid full-time work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK). It is recommended to have a basic understanding of information security concepts, risk management principles, and familiarity with the RMF and the NIST Special Publication 800-37. The CAP course is suitable for security practitioners, system administrators, IT auditors, and individuals involved in the authorization process.


The CAP course follows a comprehensive and interactive approach to learning. It combines theoretical lectures, real-world examples, group discussions, and practical exercises to ensure a thorough understanding of the authorization process and its associated tasks. Participants will learn from experienced instructors with expertise in authorization and risk management, engage in collaborative activities and discussions, and work on hands-on exercises and case studies. The course encourages critical thinking, problem-solving, and the application of concepts in practical scenarios.

Course Outline

Risk Management Framework (RMF) Overview

  • Introduction to the RMF and its components
  • Roles and responsibilities in the authorization process
  • NIST Special Publication 800-37 and its use in the RMF

Categorization of Information Systems

  • Security categorization process and criteria
  • System characterization and impact assessment
  • Selecting security controls based on system categorization

Selection and Implementation of Security Controls

  • Security control families and their objectives
  • Security control implementation and customization
  • Documentation of security control implementation

Security Control Assessment

  • Security assessment process and methodologies
  • Planning and conducting security assessments
  • Reporting and documenting security assessment results

Authorization Package Development

  • System documentation requirements for authorization
  • Developing and documenting system security plans
  • Preparing the authorization package for review and approval

Continuous Monitoring and Remediation

  • Continuous monitoring concepts and practices
  • Ongoing security control assessments and reporting
  • Incident response and remediation procedures


Upon completing the CAP course and obtaining certification, professionals will have the knowledge and skills necessary to effectively manage the authorization process for information systems. They will be equipped to implement and oversee the RMF and ensure compliance with security requirements. Graduates of the course will be prepared for roles such as security authorization officers, information system owners, or risk managers. The CAP certification enhances career prospects and validates expertise in the authorization process.


The CAP course may include practical lab exercises that allow participants to apply their knowledge and skills in a simulated environment. The labs cover various aspects of the authorization process and provide hands-on experience in implementing security controls, conducting security assessments, and documenting system security plans. The specific labs vary by training provider and curriculum, but typical lab activities include:

  • Performing security categorization for information systems
  • Selecting and implementing security controls based on system requirements
  • Conducting security control assessments using assessment methodologies
  • Developing system security plans and authorization packages
  • Performing continuous monitoring activities and reporting on security posture
