Best CGRC certification study resources and training materials

December 14, 2021 by Daniel Brecht

Are you looking to build your career and demonstrate your expertise within risk management frameworks (RMFs)? If so, you might want to consider the Certified Authorization Professional (CAP) credential, now called the Certified in Governance, Risk and Compliance (CGRC), offered by ISC2 (the International Information System Security Certification Consortium). This certification is aimed at IT, information security and information assurance practitioners who work in governance, risk and compliance (GRC) roles and who need to understand and implement a risk management program for IT systems within an organization.

Ready to be a CAP? First, as a candidate sitting for this exam, familiarize yourself with the Certification Exam Outline, which lists the topics in the common body of knowledge (CBK) and the weight assigned to each domain. This matters because the exam measures knowledge, skills and abilities across those domains, so the outline tells you where to spend your study time.

Earn your CGRC, guaranteed!

Earn your CGRC, guaranteed!

Enroll in a CGRC (formerly CAP) Boot Camp and earn one of the industry's most respected certifications — guaranteed.

What is the best CAP study guide?

To know more about the credential, ISC2 offers the free Ultimate Guide to the CAP. You'll discover the pathway to becoming certified, find out about the official ISC2 training, and get an exam overview of the broad spectrum of topics included in the CAP CBK. What's more, you'll know the benefits of this certification in building your career and demonstrating your expertise within various risk management frameworks; this information ensures you can compare what the certificate offers against your career interests and needs.

For an in-depth look at the content covered by the exam, professionals can consider the "Official ISC2® Guide to the CAP® CBK®," Second Edition by Patrick Howard. It covers the topics on which the CBK focuses and reviews the U.S. federal policies on which candidates are examined, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2 and NIST FIPS. One caveat: the Second Edition was published in 2012, before NIST SP 800-37 Rev. 2 (2018) and the current exam outline, and several of the processes it describes (DITSCAP, NIACAP, the original DoD 8500 series) have since been superseded by the RMF. Treat it as background on how federal authorization evolved, and check any policy references against the current exam outline and the current NIST and DoD publications.

Another interesting free resource is the eBook Advance Your Risk Management Career Strategy, a handy on-the-job reference. It collects the stories of 20 cybersecurity professionals who explain how the CAP credential helped their careers by guiding them toward sound strategies in risk assessment and security authorization. It can help you along the path in several ways:

  • Top-level expertise in the Risk Management Framework (RMF)
  • It opens the door to cybersecurity career advancement
  • Impacts the long-term success of individuals and organizations

NIST SP 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, is one of the CBK's suggested references and a natural starting point for domain one of the CAP certification. In NIST's words, "This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations." It is not a study guide as such, but since RMF 2.0 (the seven-step process of Prepare, Categorize, Select, Implement, Assess, Authorize and Monitor) features prominently on the test, reading it end to end benefits any professional preparing for the exam.

What are the best online discussion boards for the CAP exam?

The CAP Certification Study Group is a discussion group on the ISC2 Community forum for those studying for the credential. You must be logged in to an ISC2 Community account to participate; once inside, you can share best practices and study tips with professionals worldwide who are preparing for the test.

In addition, candidates can look for active threads in the TechExams Community forum and get involved as content contributors.

Where can I find CAP practice exam questions?

A vendor called EXAM BOOST sells a set of 245 CAP practice questions and answers that it describes as taken from previous actual tests. Be careful with any product marketed that way: ISC2 candidates sign a non-disclosure agreement that prohibits disclosing or using live exam content, and practicing on leaked questions can put your certification at risk. Prefer practice material that is written to the exam outline rather than claimed to be copied from it.

You can also study for the CAP exam anytime, anywhere with the Official ISC2 CAP Flash Cards. This interactive tool tests your knowledge and gives immediate feedback. Just fill out a short form for free access.

What are the best CAP training courses?

The Official ISC2 CBK Training Seminar for the CAP provides a comprehensive review of information systems security concepts and industry best practices, while also covering the seven domains:

  • Information Security Risk Management Program
  • Scope of the Information System
  • Selection and Approval of Security and Privacy Controls
  • Implementation of Security and Privacy Controls
  • Assessment/Audit of Security and Privacy Controls
  • Authorization/Approval of Information System
  • Continuous Monitoring

This training course aligns with the recently refreshed CAP exam outline and features live virtual instruction by an ISC2 Authorized Instructor. It is a good option for IT, information security and information assurance practitioners and contractors who use the NIST Risk Management Framework (RMF) in the federal government, the military, civilian agencies, local governments and private-sector organizations. By enrolling, you get:

  • Access to official course content for 180 days
  • Recordings of live virtual sessions
  • The Official ISC2 CAP Student Guide in printable electronic format — 365-day access

Self-paced CAP training courses

The ISC2 Certification Prep Kit provides official training course previews, fast facts, advice, tips and more. You will need to register and create a user profile to access it.

The ISC2 Security Congress Webinars provide recorded sessions from the 2021 event on a range of current information security topics. They let professionals learn at their own pace, keep up with current themes in the field, and build an understanding of the increasingly complex risk environment facing businesses of all sizes, while also counting toward professional development.

The ISC2 Professional Development Immersive Courses provide in-depth training on relevant and timely cybersecurity topics, delivered in an online, self-paced format. Pick from the offered subject areas to support the direction you want your career to take.

CAP certification boot camps

ISC2 offers several courses and a boot camp that review best practices for authorizing and maintaining information systems within the RMF. Alternatively, you can attend a three-day CAP Training Boot Camp (live online or in person) that prepares candidates through mentoring, drill sessions and a hands-on course and lab. This is a good way to uncover your knowledge gaps and get the most out of your study time. A learning path is also available that walks through the knowledge and skills needed to pass the Certified Authorization Professional (CAP) exam.

Finding the right CAP study materials

Certifications are a good way to pursue professional and personal development, and the CAP credential is no exception. It validates specific knowledge, skills and abilities for professionals in risk management roles. Achieving the CAP certification gives you a way to advance in your line of work, stand out in the eyes of current or potential employers and improve your earning potential.

This article has described how to prepare for this vendor-neutral credential. When you are ready, register for the exam ($599 at the time of writing) by creating an account with Pearson VUE and scheduling a seat at a testing location near you.

After passing the exam, you will need to pay an Annual Maintenance Fee (AMF) of $125 to begin a three-year certification cycle. To keep your skills current, you must earn continuing professional education (CPE) credits: a minimum of 20 CPEs each year and 60 CPEs in total by the end of the three-year recertification cycle. Note: through Dec. 31, the 2021 ISC2 Security Congress offers access to 100 CPE credit opportunities through recorded educational sessions led by expert speakers across topic areas, including current issues in cybersecurity and risk.

For more information on the CGRC certification (formerly CAP), check out our CGRC certification hub.


Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.