Online Training

Official (ISC)² CBK Online Training Seminars for the CAP

Please Note: Effective August 15, 2021, the CAP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to the CAP Exam Outline and our FAQs for details.

CAP Course Overview

This course is designed for the information security practitioner who champions system security commensurate with an organization's mission and risk tolerance, while meeting legal and regulatory requirements. It conceptually mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III. Led by an (ISC)² authorized instructor, the CAP training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the 7 domains of the CAP CBK:

  • Risk Management Framework (RMF)
  • Categorization of Information Systems
  • Selection of Security Controls
  • Security Control Implementation
  • Security Control Assessment
  • Information System Authorization
  • Monitoring of Security Controls

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open-ended questions from the instructor to the students, group assignments, matching and poll questions, group activities, open/closed questions, and group discussions. Each activity was developed to support the learning appropriate to the course topic.

This training course will help candidates review and refresh their information security knowledge and identify the areas they need to study for the CAP exam. It features:

  • Official (ISC)² courseware
  • Taught by an authorized (ISC)² instructor
  • Student Guide in electronic format
  • Interactive Online Flash Cards
  • Collaboration with classmates
  • Real-world learning activities and scenarios

Who should attend?

The course is intended for students who have at least one full year of experience using the federal Risk Management Framework (RMF) or comparable experience gained from the ongoing management of information system authorizations, such as ISO 27001.

The CAP certification is an objective measure of the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk and damage to assets or individuals. CAP is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government, including the State Department and the Department of Defense (DoD). See CAP and DoD 8570. Job functions such as authorization officials, system owners, information owners, information system security officers, certifiers, and senior system managers are great fits as CAPs.

The ideal candidate should have the following experience, skills, or knowledge in:

  • IT security
  • Information assurance
  • Information risk management
  • Certification
  • Systems administration
  • One to two years of general technical experience
  • Two years of general systems experience
  • One to two years of database/systems development/network experience
  • Information security policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation

Learning Objectives

After completing this course, the participant will be able to:

  • Describe the historical legal and business considerations that required the development of the Risk Management Framework (RMF), including related mandates.
  • Identify key terminology and associated definitions.
  • Describe the RMF components, including the starting point inputs (architectural description and organization inputs).
  • Describe the core roles defined by the RMF, including primary responsibilities and supporting roles for each RMF step.
  • Describe the core federal statutes, OMB directives, information processing standards (FIPS) and Special Publications (SP), and Department of Defense and Intelligence Community instructions that form the legal mandates and supporting guidance required to implement the RMF.
  • Identify and understand the related processes integrated with the RMF.
  • Identify key references related to RMF Step 1 – Categorize Information Systems.
  • Identify key references related to RMF Step 2 – Select Security Controls.
  • Identify key references related to RMF Step 3 – Implement Security Controls.
  • Identify key references related to RMF Step 4 – Assess Security Controls.
  • Identify key references related to RMF Step 5 – Authorize Information System.
  • Identify key references related to RMF Step 6 – Monitor Security Controls.

Select Certification Dates/Schedule

Region: North America (NAR), Eastern Time (ET)

CAP CBK 5-Day Online Instructor-Led, Sep 20-24, 2021, Mon-Fri 0800-1700 ET

  • Day 1: Sep 20
  • Day 2: Sep 21
  • Day 3: Sep 22
  • Day 4: Sep 23
  • Day 5: Sep 24

CAP CBK 5-Day Online Instructor-Led, Oct 11-15, 2021, Mon-Fri 0800-1700 ET

  • Day 1: Oct 11
  • Day 2: Oct 12
  • Day 3: Oct 13
  • Day 4: Oct 14
  • Day 5: Oct 15