Until_then
Contributor I

Why is 2021 CAP different from NIST's RMF steps?

For those with knowledge, is there a reason for this?


I'm asking on behalf of those who are studying for the 2021 CAP as they also study NIST pubs at the same time. The RMF steps for each aren't exactly the same, in content or words/titles. 


-One big difference is the Categorization step which is still called "Categorize" per NIST SP 800-37 Rev 2 or NIST SP 800-53 Rev 5. But, the new CAP exam outline for 2021 calls it "Scope" which is essentially the same thing when comparing the substeps of each (the substeps of "Categorize" in NIST are essentially the same as the substeps of "Scope" in CAP).


-NIST has a "Prepare" step which doesn't really precede or succeed any of the other steps as a whole. Instead, the substeps of "Prepare" feed into one or more of the other six RMF steps. There is no "Prepare" step in CAP; it has an "Information Security Risk Management Program" step which precedes the other six RMF steps defined by CAP. Not only this, but this step contains different content than the "Prepare" step of NIST.


-Jumping down to the bottom, the "Monitor" and "Continuous Monitoring" steps have some similarities but also contain vastly different information in several of the substeps.


One of the troubling issues is that one will have to fish through NIST SP 800-37 Rev 2 to find some of the same or similar information found in different sections in the CAP exam outline, if articulation of information/concepts is required.


Just wondering what the reasoning for this is. Thanks for the assistance and support.
