CAP Training Boot Camp

Learn how to maintain and authorize information systems within the NIST Risk Management Framework (RMF). You’ll leave this boot camp with the knowledge and domain expertise needed to pass the Certified Authorization Professional (CAP) exam the first time you take it.

Train from home — save up to $1,000

Get expert, live instruction without having to travel with an Infosec Flex Pro boot camp. We’ve trained 1,000s of students online over the past 5 years, helping our clients meet their career goals wherever they are most comfortable studying.

Now through the end of the month, you can enroll in any online Infosec Flex boot camp and save up to $1,000.

Earn your CAP, guaranteed!

Boot camp overview

Infosec’s CAP Boot Camp teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.

The CAP certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your (ISC)² CAP certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

93% pass rate — the best in the industry

  • Three days of training with an expert instructor
  • Infosec digital courseware (physical textbooks available to purchase)
  • CAP exam voucher
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (Flex Pro)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Limited-time offer: Continue learning after your boot camp with a complimentary 90-day subscription to Infosec Skills, which includes unlimited access to 500+ online courses, 100+ hands-on labs and projects, skill assessments, custom certification practice exams and more.

Course objectives

This boot camp prepares you to pass the (ISC)² CAP exam, which covers seven domain areas required for information system authorization practitioners:

  • Information security risk management program
  • Categorization of information systems
  • Selection of security controls
  • Implementation of security controls
  • Assessment of security controls
  • Authorization of information systems
  • Continuous monitoring

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Cyber Work with Chris Sienko

Best Cybersecurity Podcast

2019 Wisconsin Innovation Award


Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Who should attend?

  • Information system security officers
  • Senior system managers
  • System administrators
  • IT and information security professionals who use the RMF
  • Anyone looking to learn more about the NIST-based information systems security authorization process


In order to obtain the CAP certification, you must have at least two years of paid work experience in at least one of the seven domains listed in the (ISC)² CAP Common Body of Knowledge (CBK).

However, you can become an Associate of (ISC)² by passing the exam without the required work experience.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

What you'll learn

  • Understanding the purpose of information systems security authorization
  • Defining systems authorization
  • Describing and deciding when systems authorization is employed
  • Defining roles and responsibilities
  • Understanding the legal and regulatory requirements for A&A
  • Initiating the authorization process
  • Establishing authorization boundaries
  • Determining security categorization
  • Performing initial risk assessment
  • Selecting and refining security control
  • Documenting security control
  • Performing certification phase
  • Assessing security control
  • Documenting results
  • Conducting final risk assessment
  • Generating and presenting an authorization report
  • Performing continuous monitoring
  • Monitoring security controls
  • Monitoring and assessing changes that affect the information system
  • Performing security impact assessment as needed
  • Documenting and monitoring results of impact assessments
  • Maintaining system’s documentation (e.g., POA&M, SSP, interconnection agreements)

Can’t get away for a week?

Learn CAP on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 70+ learning paths
  • 500+ courses
  • Cloud-hosted cyber ranges and hands-on projects
  • Skill assessments and certification practice exams
  • Infosec community peer support

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

CAP Boot Camp details

Risk Management Framework

  • Understanding the Risk Management Framework
  • Categorization of information system
  • Selection of security controls
  • Security control implementation
  • Security control assessment
  • Information system authorization
  • Monitoring of security controls

RMF steps

  • Risk Management Framework processes
  • Categorize information system
    • Information system
    • System security plan
    • Categorize a system
    • National security system
    • Privacy activities
    • System boundaries
    • Register system
  • Select security controls
    • Establish the security control baseline
    • Common controls and security controls inheritance
    • Risk assessment as part of the Risk Management Framework (RMF)
  • Implement security controls
    • Implement selected security controls
    • Tailoring of security controls
    • Document security control implementation
  • Assess security controls
    • Prepare for security control assessment
    • Establish security control assessment plan (SAP)
    • Determine security control effectiveness and perform testing
    • Develop initial security assessment report (SAR)
    • Perform initial remediation actions
    • Develop final security assessment report and addendum
  • Authorize information system
    • Develop plan of action and milestones (POAM)
    • Assemble security authorization package
    • Determine risk
    • Determine the acceptability of risk
    • Obtain security authorization decision
  • Monitor security state
    • Determine security impact of changes to system and environment
    • Perform ongoing security control assessments
    • Conduct ongoing remediation actions
    • Update key documentation
    • Perform periodic security status reporting
    • Perform ongoing risk determination and acceptance
    • Decommission and remove system