ISC Course

course overview



The Official (ISC)²® Certified Authorization Professional (CAP®) training provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CAP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK®).

As an (ISC)² Official Training Provider, we use courseware developed by (ISC)² – creator of the CAP CBK – to ensure your training is relevant and up-to-date. Our instructors are verified security experts who hold the CAP and have completed intensive training to teach (ISC)² content.

Please Note: An exam voucher is included with this course.


This training is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in: the military; civilian roles, such as federal contractors; local governments; private sector organizations.

Skills Gained

After completing this course you should be able to:

  • Describe the historical legal and business considerations that required the development of the Risk Management Framework (RMF), including related mandates.
  • Identify key terminology and associated definitions.
  • Describe the RMF components, including the starting point inputs (architectural description and organization inputs).
  • Describe the core roles defined by the RMF, including primary responsibilities and supporting roles for each RMF step.
  • Describe the core federal statutes, OMB directives, information processing standards (FIPS) and Special Publications (SP), and Department of Defense and Intelligence Community instructions that form the legal mandates and supporting guidance required to implement the RMF.
  • Identify and understand the related processes integrated with the RMF.
  • Identify key references related to RMF Step 1 – Categorize Information Systems.
  • Identify key references related to RMF Step 2 – Select Security Controls.
  • Identify key references related to RMF Step 3 – Implement Security Controls.
  • Identify key references related to RMF Step 4 – Assess Security Controls.
  • Identify key references related to RMF Step 5 – Authorize Information System.
  • Identify key references related to RMF Step 6 – Monitor Security Controls.


Attendees should meet the following prerequisites:

  • At least one full year of experience using the federal Risk Management Framework (RMF) or comparable experience gained from the ongoing management of information system authorizations, such as ISO 27001.


Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are available as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.