This three (3) day instructor-led Risk Management Framework course for the Certified Authorization Professional (“CAP”), provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.

We provide scenario-based exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. It is designed for employees and contractors in DoD and Intel agencies, and for any supporting vendors and service providers. The CAP program covers the following domains:
• Information Security Risk Management Framework Program (RMF)
• Categorization of Information Systems
• Selection of Security Controls
• Implementation of Security Controls
• Assessment of Security Controls
• Authorization of Information Systems
• Continuous Monitoring
• Lab and Practical Exercises
• Use Cases
The Certified Authorization Professional Program (“CAP”) is the only recognized training program covering the security domains that meet the full risk management framework Information Assurance Program and required under the DoD 8570 requirements.