CAP – Certified Authorization Professional

Security Authorization of IS

  • Introduction
  • Key Elements of an Enterprise System Authorization Program
  • NIST 800-37
  • System Authorization Roles and responsibilities
  • System Authorization Life Cycle
  • Why System Authorization Programs Fail
  • System Authorization Project Planning
  • System Inventory Process
  • Interconnected Systems

Information System Categorization

  • Introduction
  • Defining Sensitivity
  • Data Sensitivity and System Sensitivity
  • Sensitivity Assessment Process
  • Data Classification Approaches
  • Responsibility for Data Sensitivity Assessment
  • Ranking Data Sensitivity
  • National Security Information
  • Criticality
  • Criticality Assessment
  • Criticality in the View of the System Owner
  • Ranking Criticality
  • Changes in Criticality and Sensitivity
  • NIST Guidance on System Categorization

Establishment of the Security Control Baselines

  • Introduction
  • Minimum Security Baselines and Best Practices
  • Assessing Risk
  • System Security Plans
  • NIST Guidance on Security Control Selection

Application of Security Controls

  • Introduction
  • Security Procedures
  • Remediation Planning
  • NIST Guidance on Implementation of Security Controls

Assessment of Security Controls

  • Introduction
  • Scope of Testing
  • Level of Effort
  • Assessor Independence
  • Developing the Test Plan
  • Role of the Host
  • Test Execution
  • Documenting Test Results
  • NIST Guidance on Assessment of Security Control Effectiveness

Information System Authorization

  • Introduction
  • System Authorization Decision Making
  • Essential System Authorization Documentation
  • NIST Guidance on Authorization of IS

Security Controls Monitoring

  • Introduction
  • Continuous Monitoring
  • NIST Guidance on Ongoing Monitoring of Security Controls and Security State of the IS

System Authorization Case Studies

  • Situation
  • Action Plan
  • Lessons Learned
  • Tools
  • Document Templates
  • Coordination
  • Role of the Inspector General
  • Compliance Monitoring
  • Measuring Success
  • Project Milestones
  • Interim Accreditation
  • Management Support and Focus
  • Results and Future Challenges

The Future of IS Authorization (Bonus Materials)

  • References
  • Glossary
  • Statement of Work
  • Sample Work Project Plan
  • Sample Project Wrap-Up Presentation Outline
  • Sample System Inventory Policy
  • Sample BIA
  • Sample Rules of Behavior (GSS)
  • Sample Rules of Behavior (Major Application)
  • Sample System Security Plan Outline
  • Sample Memorandum of Understanding
  • Sample Interconnection Security Agreement
  • Sample Risk Assessment Outline
  • Sample Security Procedure
  • Sample Certification Test Results Matrix
  • Sample Risk Remediation Plan
  • Sample Certification Statement
  • Sample Accreditation Letter
  • Sample Interim Accreditation Letter
  • Certification and Accreditation Professional CBK
