CAP Training Course Outline

Official (ISC)² CBK Training Seminar for the CAP

This course is designed for the information security practitioner responsible for system security commensurate with an organization's mission and risk tolerance, while meeting legal and regulatory requirements. It conceptually mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource. The CAP training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the seven domains of the CAP CBK. Taught by an (ISC)²-authorized instructor, training features:

Who Should Attend

This course is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organizations. Roles include:

  • ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues.
  • Executives who must "sign off" on Authority to Operate (ATO).
  • Inspectors general (IGs) and auditors who perform independent reviews.
  • Program managers who develop or maintain IT systems.
  • IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management.

Course Agenda

  • Domain 1: Information Security Risk Management Program
  • Domain 2: Categorization of Information Systems (IS)
  • Domain 3: Selection of Security Controls
  • Domain 4: Implementation of Security Controls
  • Domain 5: Assessment of Security Controls
  • Domain 6: Authorization of Information Systems (IS)
  • Domain 7: Continuous Monitoring

Please Note: Effective August 15, 2021, the CAP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to the CAP Exam Outline and our FAQs for details.

Course Delivery Methods


Course Objectives

After completing this course, the student will be able to:

  • Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF).
  • Describe the roles associated with the RMF and how they are assigned to tasks within the RMF.
  • Execute tasks within the RMF process based on assignment to one or more RMF roles.
  • Explain organizational risk management and how it is supported by the RMF.