CAP Training Boot Camp
Learn how to maintain and authorize information systems within the NIST Risk Management Framework (RMF). You’ll leave this boot camp with the knowledge and domain expertise needed to pass the Certified Authorization Professional (CAP) exam the first time you take it.
Earn your CAP, guaranteed!
- 100% Satisfaction Guarantee
- CAP exam voucher
- Unlimited practice exam attempts
- Three days live, expert CAP instruction (live online or in-person)
- Immediate access to Infosec Skills — including a bonus CAP boot camp prep course — from the minute you enroll to 90 days after your boot camp
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Course objectives
This boot camp prepares you to pass the (ISC)² CAP exam, which covers seven domain areas required for information system authorization practitioners:
- Information security risk management program
- Categorization of information systems
- Selection of security controls
- Implementation of security controls
- Assessment of security controls
- Authorization of information systems
- Continuous monitoring
Training overview
Infosec’s CAP Boot Camp teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.
The CAP certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your (ISC)² CAP certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.
What you'll learn
- Understanding the purpose of information systems security authorization
- Defining systems authorization
- Describing and deciding when systems authorization is employed
- Defining roles and responsibilities
- Understanding the legal and regulatory requirements for A&A
- Initiating the authorization process
- Establishing authorization boundaries
- Determining security categorization
- Performing initial risk assessment
- Selecting and refining security controls
- Documenting security controls
- Performing certification phase
- Assessing security controls
- Documenting results
- Conducting final risk assessment
- Generating and presenting an authorization report
- Performing continuous monitoring
- Monitoring security controls
- Monitoring and assessing changes that affect the information system
- Performing security impact assessment as needed
- Documenting and monitoring results of impact assessments
- Maintaining system’s documentation (e.g., POA&M, SSP, interconnection agreements)
Who should attend
- Information system security officers
- Senior system managers
- System administrators
- IT and information security professionals who use the RMF
- Anyone looking to learn more about the NIST-based information systems security authorization process
Prerequisites
In order to obtain the CAP certification, you must have at least two years of paid work experience in at least one of the seven domains listed in the (ISC)² CAP Common Body of Knowledge (CBK).
However, you can become an Associate of (ISC)² by passing the exam without the required work experience.
Skill up on your schedule
Infosec Skills boot camp
- Exam Pass Guarantee
- 100% Satisfaction Guarantee
- CAP exam voucher
- 3 days live, expert CAP instruction (available online or in-person)
- 90-day extended access to recordings of daily lessons
- 100s of additional hands-on courses and labs
- Knowledge Transfer Guarantee
Infosec Skills
- On-demand CAP training
- Unlimited practice exam attempts
- 80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Skill assessments
- Infosec peer community support
- 1,000s of CPE opportunities
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt.
CAP training schedule
Infosec’s CAP materials are always up to date and synchronized with the latest (ISC)² exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.
Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
Introduction
Risk Management Framework
- Understanding the Risk Management Framework
- Categorization of information system
- Selection of security controls
- Security control implementation
- Security control assessment
- Information system authorization
- Monitoring of security controls
RMF steps
- Risk Management Framework processes
- Categorize information system
  - Information system
  - System security plan
  - Categorize a system
  - National security system
  - Privacy activities
  - System boundaries
  - Register system
- Select security controls
  - Establish the security control baseline
  - Common controls and security controls inheritance
  - Risk assessment as part of the Risk Management Framework (RMF)
- Implement security controls
  - Implement selected security controls
  - Tailoring of security controls
  - Document security control implementation
- Assess security controls
  - Prepare for security control assessment
  - Establish security control assessment plan (SAP)
  - Determine security control effectiveness and perform testing
  - Develop initial security assessment report (SAR)
  - Perform initial remediation actions
  - Develop final security assessment report and addendum
- Authorize information system
  - Develop plan of action and milestones (POAM)
  - Assemble security authorization package
  - Determine risk
  - Determine the acceptability of risk
  - Obtain security authorization decision
- Monitor security state
  - Determine security impact of changes to system and environment
  - Perform ongoing security control assessments
  - Conduct ongoing remediation actions
  - Update key documentation
  - Perform periodic security status reporting
  - Perform ongoing risk determination and acceptance
  - Decommission and remove system
After your boot camp
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.