CAP Training Boot Camp

Infosec’s 3-Day CAP Boot Camp focuses on preparing students for the CAP exam through extensive mentoring and drill sessions, review of the entire body of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach.

Award Winning Training

For 17 years InfoSec has been one of the most awarded and trusted IT training vendors - 42 industry awards!

Exam Pass Guarantee

We offer peace of mind with our Exam Pass Guarantee for Flex Pro students.

Analysts Recommended

IDC lists Infosec as Major Player in their Security Training Vendor Assessment.

CAP Training Course Overview

Infosec’s Certified Authorization Professional (CAP) Boot Camp focuses on preparing students for the CAP exam through extensive mentoring and drill sessions, review of all 7 CAP domains of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach. This class is the product of a wide range of leading industry experts and authors, and our training materials are considered the absolute best for CAP preparation.

The Certified Authorization Professional (CAP) credential applies to professionals who need to setup the formal processes used to assess risk and establish security requirements based on regulatory standards. It’s a very important job which ensures that information systems have appropriate security controls to mitigate potential risk, as well as protecting against damage to assets or individuals. The credential is sought after by civilian, state and local governments, as well as system integrators supporting these organizations.

Course Objectives

Upon completing our 3 day CAP Boot Camp you will gain valuable knowledge and skills including the ability to:

  • Understanding the Purpose of Information Systems Security Authorization
  • Defining Systems Authorization
  • Describing and Decide When Systems Authorization Is Employed
  • Defining Roles and Responsibilities
  • Understanding the Legal and Regulatory Requirements for C&A
  • Initiating the Authorization Process
  • Establishing Authorization Boundaries
  • Determining Security Categorization
  • Performing Initial Risk Assessment
  • Selecting and Refining Security Controls
  • Documenting Security Control
  • Performing Certification Phase
  • Assessing Security Control
  • Documenting Results
  • Conducting Final Risk Assessment
  • Generating and Presenting an Authorization Report
  • Performing Continuous Monitoring
  • Monitoring Security Controls
  • Monitoring and Assessing Changes That Affect the Information System
  • Performing Security Impact Assessment As Needed
  • Documenting and Monitoring Results of Impact Assessments
  • Maintaining System’s Documentation (E.G., POA&M, SSP, Interconnection Agreements)

CAP Boot Camp

Rated 4.75/5 based on 6 customer reviews

Award-winning training that you can trust.

High Performer

Technical Skills Development Software

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Additional Information

What’s Included

  • Infosec Custom CAP Textbook with Review Questions
  • Exam Review, In-Class Mentoring
  • Pre-Shipment of Textbook
  • Catered Lunch
  • (ISC)2 Exam Fee
  • Course Registration Fee
  • Exam Pass Guarantee (Flex Pro)


To achieve the CAP credential, you need a minimum of two years of direct full-time information systems security authorization professional experience in one or more of these seven (ISC)² CAP domains:

  1. Risk Management Framework (RMF)
  2. Categorization of Information Systems
  3. Selection of Security Controls
  4. Security Control Implementation
  5. Security Control Assessment
  6. Information System Authorization
  7. Monitoring of Security Controls

Who Should Attend

Employees who perform functions such as authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers can benefit from this training, including:

  • System Administrators
  • Information Security Professionals
  • Anyone involved in a NIST-based information systems security authorization process. Manage security, including basic firewall and SELinux configuration

Certification Exam

  • Time Limit: 3 Hours
  • Number of Questions: 125
  • Question Format: Multiple Choice Questions
  • Passing Grade: 700 out of 1000 Points

View Pricing

We will never share any of your information, spam you or annoy you with pushy sales pitches.

Our Major Clients

Course Outline


Risk Management Framework

  • Understanding the Risk Management Framework
  • Categorization of Information System
  • Selection of Security Controls
  • Security Control Implementation
  • Security Control Assessment
  • Information System Authorization
  • Monitoring of Security Controls

RMF Steps

  • Risk Management Framework Processes
  • Categorize Information System
  • Categorize a System
    • National Security System
    • Privacy Activities
    • System Boundaries
    • Register System
  • Select Security Controls
    • Establish the Security Control Baseline
    • Common Controls and Security Controls Inheritance
    • Risk Assessment as part of the Risk Management Framework (RMF)
  • Implement Security Controls
    • Implement Selected Security Controls
    • Tailoring of Security Controls
    • Document Security Control Implementation
  • Assess Security Controls
    • Prepare for Security Control Assessment
    • Establish Security Control Assessment Plan (SAP)
    • Determine Security Control Effectiveness – Perform the Testing
    • Develop Initial Security Assessment Report (SAR)
    • Perform Initial Remediation Actions
    • Develop Final Security Assessment Report and Addendum
  • Authorize Information System
    • Develop Plan on Action and Milestones (POAM)
    • Assemble Security Authorization Package
    • Determine Risk
    • Determine the Acceptability of Risk
    • Obtain Security Authorization Decision
  • Monitor Security State
    • Determine Security Impact of Changes to System and Environment
    • Perform Ongoing Security Control Assessments
    • Conduct Ongoing Remediation Actions
    • Update Key Documentation
    • Perform Periodic Security Status Reporting
    • Perform Ongoing Risk Determination and Acceptance
    • Decommission and Remove System

Book your course

    What Our Students Are Saying

    Very knowledgeable, this course presented the best methodology for conducting a risk assessment that I have seen in 15+ years.

    Scott L. Tate Paco Moreno

    CAP Training Boot Camp
    Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
    View instant course pricing