The (ISC)² CAP® teaches you the best practices, policies, and procedures used to authorize and maintain information systems. You will learn how to use the Risk Management Framework (RMF) to support your organization's operations while complying with legal and regulatory requirements.
The CAP certification is sought after by civilian, state, and local governments, as well as system integrators supporting these organizations. Additionally, you will learn about the purpose of information systems security authorization, describing and deciding when systems authorization is employed, and defining systems authorization, roles, and responsibilities.
Upon boot camp completion, you will have a firm understanding of the legal and regulatory requirements for Assessment and Authorization (A&A), maintaining systems documentation, and much more. You will leave with the knowledge and skills necessary to earn your (ISC)² CAP® certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.
The cost of the (ISC)² CAP® certification exam is included with your enrollment.
Our Certification Success Program, paired with our provided prep materials, boot camp sessions, and post-work, is designed to ease any concerns you may have when taking the certification exam. If your first attempt is unsuccessful, this program provides peace of mind that you may be eligible to take the certification exam a second time (if needed) at no additional fee.
*To qualify for a second certification exam voucher, students must:
- Attend at least 85% of each day of class
- Score a 90% or higher on their final practice exam
- Take the first exam within 90 days of class completion
- Upload their exam failure notice from their first exam attempt
Boot camps are led by instructors who have years of industry experience and are recognized as subject matter experts.
- This course can be taken on a PC, Mac, or Chromebook.
- A microphone.
- A webcam.
- PC: Windows 7 or later.
- Mac: macOS 10.7 or later.
- Browser: The latest version of Google Chrome or Mozilla Firefox is preferred. Microsoft Edge and Safari are also compatible.
- Microsoft Word Online
- Adobe Acrobat Reader
- Zoom Meetings
- Software must be installed and fully operational before the course begins.
- Email capabilities and access to a personal email account.
Instructional Material Requirements:
The student materials required for this course are included in enrollment and will be available online.
- Risk Management Framework
- Understanding the Risk Management Framework
- Categorization of information system
- Selection of security controls
- Security control implementation
- Security control assessment
- Information system authorization
- Monitoring of security controls
- RMF Steps
- Risk Management Framework Processes
- Categorize Information Systems
- Information system
- System security plan
- Categorize a system
- National security system
- Privacy activities
- System boundaries
- Register system
- Select Security Controls
- Establish the security control baseline
- Common controls and security controls inheritance
- Risk assessment as part of the Risk Management Framework (RMF)
- Implement Security Controls
- Implement selected security controls
- Tailoring of security controls
- Document security control implementation
- Assess Security Controls
- Prepare for security control assessment
- Establish security control assessment plan (SAP)
- Determine security control effectiveness and perform testing
- Develop initial security assessment report (SAR)
- Perform initial remediation actions
- Develop final security assessment report and addendum
- Authorize Information Systems
- Develop plan of action and milestones (POAM)
- Assemble security authorization package
- Determine risk
- Determine the acceptability of risk
- Obtain security authorization decision
- Monitor Security State
- Determine security impact of changes to system and environment
- Perform ongoing security control assessments
- Conduct ongoing remediation actions
- Update key documentation
- Perform periodic security status reporting
- Perform ongoing risk determination and acceptance
- Decommission and remove system