CAP Training Boot Camp

Learn how to maintain and authorize information systems within the NIST Risk Management Framework (RMF). You’ll leave this boot camp with the knowledge and domain expertise needed to pass the Certified Authorization Professional (CAP) exam the first time you take it.

★★★★☆

4.2

(775 ratings)

93% exam pass rate

Earn your CAP, guaranteed!

100% Satisfaction Guarantee
CAP exam voucher
Unlimited practice exam attempts
Three days live, expert CAP instruction (live online or in-person)
Immediate access to Infosec Skills — including a bonus CAP boot camp prep course — from the minute you enroll to 90 days after your boot camp
Learn by doing with 100s of additional hands-on courses and labs
90-day access to all boot camp video replays and materials
Knowledge Transfer Guarantee

Course objectives

This boot camp prepares you to pass the (ISC)² CAP exam, which covers seven domain areas required for information system authorization practitioners:

Information security risk management program
Categorization of information systems
Selection of security controls
Implementation of security controls
Assessment of security controls
Authorization of information systems
Continuous monitoring

View full course schedule

Training overview

Infosec’s CAP Boot Camp teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.

The CAP certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your (ISC)² CAP certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.

What you'll learn

Understanding the purpose of information systems security authorization
Defining systems authorization
Describing and decide when systems authorization is employed
Defining roles and responsibilities
Understanding the legal and regulatory requirements for A&A
Initiating the authorization process
Establishing authorization boundaries
Determining security categorization
Performing initial risk assessment
Selecting and refining security control
Documenting security control
Performing certification phase
Assessing security control
Documenting results
Conducting final risk assessment
Generating and presenting an authorization report
Performing continuous monitoring
Monitoring security controls
Monitoring and assessing changes that affect the information system
Performing security impact assessment as needed
Documenting and monitoring results of impact assessments
Maintaining system’s documentation (e.g., POA&M, SSP, interconnection agreements)

Who should attend

Information system security officers
Senior system managers
System administrators
IT and information security professionals who use the RMF
Anyone looking to learn more about the NIST-based information systems security authorization process

Prerequisites

In order to obtain the CAP certification, you must have at least two years of paid work experience in at least one of the seven domains listed in the (ISC)² CAP Common Body of Knowledge (CBK).

However, you can become an Associate of (ISC)² by passing the exam without the required work experience.

Skill up on your schedule

Infosec Skills boot camp

Exam Pass Guarantee
100% Satisfaction Guarantee
CAP exam voucher
3 days live, expert CAP instruction (available online or in-person)
90 day extended access to recordings of daily lessons
100s of additional hands-on courses and labs
Knowledge Transfer Guarantee

Infosec Skills

On-demand CAP training
Unlimited practice exam attempts
80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
100s of hands-on labs in cloud-hosted cyber ranges
Skill assessments
Infosec peer community support
1,000s of CPE opportunities

7-Day Free Trial

Exam Pass Guarantee

We guarantee you’ll pass your exam on the first attempt. Learn more.

CAP training schedule

Infosec’s CAP materials are always up to date and synchronized with the latest (ISC)² exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Introduction
  Risk Management Framework
  
  Understanding the Risk Management Framework
  
  Categorization of information system
  
  Selection of security controls
  
  Security control implementation
  
  Security control assessment
  
  Information system authorization
  
  Monitoring of security controls
  
  RMF steps
  
  Risk Management Framework processes
  
  Categorize information system
  
  Information system
  
  System security plan
  
  Categorize a system
  
  National security system
  
  Privacy activities
  
  System boundaries
  
  Register system
  
  Select security controls
  
  Establish the security control baseline
  
  Common controls and security controls inheritance
  
  Risk assessment as part of the Risk Management Framework (RMF)
  
  Implement security controls
  
  Implement selected security controls
  
  Tailoring of security controls
  
  Document security control implementation
  
  Assess security controls
  
  Prepare for security control assessment
  
  Establish security control assessment plan (SAP)
  
  Determine security control effectiveness and perform testing
  
  Develop initial security assessment report (SAR)
  
  Perform initial remediation actions
  
  Develop final security assessment report and addendum
  
  Authorize information system
  
  Develop plan of action and milestones (POAM)
  
  Assemble security authorization package
  
  Determine risk
  
  Determine the acceptability of risk
  
  Obtain security authorization decision
  
  Monitor security state
  
  Determine security impact of changes to system and environment
  
  Perform ongoing security control assessments
  
  Conduct ongoing remediation actions
  
  Update key documentation
  
  Perform periodic security status reporting
  
  Perform ongoing risk determination and acceptance
  
  Decommission and remove system
After your boot camp
- Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

Free CAP training resources

CAP Resource Hub

Explore our CAP resource hub to learn all about the CAP, including exam information, study resources, salary data, job outlook and more.

See Resources

The business impact of cyber risk

KPMG reports 68% of CEOs believe a cyber-attack is a matter of when — not if. How is your organization preparing to mitigate cyber risk in the new year? Join David Kruse, technology risk consultant, Justin Webb, CIPP-certified attorney and Jeff McCollum, crisis response and public relations professional for strategies to help you discuss cybersecurity at the board level, assess and mitigate cyber risk at your organization, and reduce the business impact of cyber incidents through planning and response.

Listen Now

Assessing Vulnerabilities

Check out different ways to detect vulnerabilities and mitigation strategies.