(ISC)2 CAP® Training Boot Camp

Get certified, guaranteed

Everything you need to earn your CAP

90-day extended access to Boot Camp components, including class recordings
100% Satisfaction Guarantee
Exam Pass Guarantee
Exam voucher
Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
Knowledge Transfer Guarantee
Pre-study learning path
Unlimited practice exam attempts

View Pricing

Award-winning training you can trust

What you'll learn

Training overview

Infosec’s CAP (soon to be CGRC) Boot Camp teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.

The CAP certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your (ISC)² CAP certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.

While the training and exam materials will remain the same, this certification will be renamed on February 15th as (ISC)² Certified in Governance, Risk and Compliance (CGRC) to better reflect its seven domains.

Learn More

Before your boot camp

Prerequisites

In order to obtain the CAP certification, you must have at least two years of paid work experience in at least one of the seven domains listed in the (ISC)² CAP Common Body of Knowledge (CBK).

However, you can become an Associate of (ISC)² by passing the exam without the required work experience.

Syllabus

Training schedule

Risk Management Framework
Risk Management Framework
- - Understanding the Risk Management Framework
  - Categorization of information system
  - Selection of security controls
  - Security control implementation
  - Security control assessment
  - Information system authorization
  - Monitoring of security controls
Categorize information system Categorize information system
- - Information system
  - System security plan
  - Categorize a system
  - National security system
  - Privacy activities
  - System boundaries
  - Register system
Select security controls Select security controls
- - Establish the security control baseline
  - Common controls and security controls inheritance
  - Risk assessment as part of the Risk Management Framework (RMF)
Implement security controls Implement security controls
- - Implement selected security controls
  - Tailoring of security controls
  - Document security control implementation
Assess security controls Assess security controls
- - Prepare for security control assessment
  - Establish security control assessment plan (SAP)
  - Determine security control effectiveness and perform testing
  - Develop initial security assessment report (SAR)
  - Perform initial remediation actions
  - Develop final security assessment report and addendum
Authorize information system Authorize information system
- - Develop plan of action and milestones (POAM)
  - Assemble security authorization package
  - Determine risk
  - Determine the acceptability of risk
  - Obtain security authorization decision
Monitor security state Monitor security state
- - Determine security impact of changes to system and environment
  - Perform ongoing security control assessments
  - Conduct ongoing remediation actions
  - Update key documentation
  - Perform periodic security status reporting
  - Perform ongoing risk determination and acceptance
  - Decommission and remove system

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.

View Pricing

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

View Pricing

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Request Team Pricing

FAQ

Frequently asked questions

Is CGRC the same certification as the CAP? Is CGRC the same certification as the CAP?
- Yes, the CAP certification will be officially renamed Certified in Governance, Risk and Compliance (CGRC) on February 15, 2023. The seven exam domains, also known as objectives, did not change.
Why is the (ISC)² CAP name changing to (ISC)² CGRC? Why is the (ISC)² CAP name changing to (ISC)² CGRC?
- (ISC)² has decided to rename the Certified Authorization Professional (CAP) exam to better represent the knowledge and skills of certification holders. With a continued focus on information security and information assurance professionals who work within governance, risk and compliance (GRC) roles — (ISC)² Certified in Governance, Risk and Compliance (CGRC) was determined to be a better name.

Enroll in a boot camp

March 15, 2023 - March 17, 2023

Online only

Exam Pass Guarantee

Book Now
May 31, 2023 - June 2, 2023

Online only

Exam Pass Guarantee

Book Now
September 6, 2023 - September 8, 2023

Online only

Exam Pass Guarantee

Book Now