CAP Training Course Outline


The Official (ISC)² CAP training provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CAP exam. Taught by an (ISC)²-authorized instructor, the training features:

  • Official (ISC)² courseware
  • Interactive flash cards
  • Collaboration with classmates
  • Real-world learning activities and scenarios
  • Post-course assessment

Who Should Attend

The training seminar is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:

  • The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD)
  • The military
  • Civilian roles, such as federal contractors
  • Local governments
  • Private sector organizations

Course Agenda

  • Domain 1: Information Security Risk Management Program
  • Domain 2: Categorization of Information Systems (IS)
  • Domain 3: Selection of Security Controls
  • Domain 4: Implementation of Security Controls
  • Domain 5: Assessment of Security Controls
  • Domain 6: Authorization of Information Systems (IS)
  • Domain 7: Continuous Monitoring

Course Delivery Methods


  • Classroom-Based
  • Online Instructor-Led
  • Private On-Site


Course Objectives

After completing this course, the student will be able to:

  • Understand the mandates and processes for the Risk Management Framework (RMF)
  • Understand how to categorize information systems
  • Understand the process to select security controls
  • Understand the systems engineering approach to implement security controls
  • Understand how to assess the effectiveness of security controls
  • Understand the process to authorize an information system
  • Understand the processes required to monitor an information system