(ISC)2 CAP Boot Camp (ISC2CAPBC)


Who should attend

Employees such as authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers, including system administrators, information security professionals, or anyone involved in a NIST-based certification and accreditation process.


After completing Fast Lane’s (ISC)2 CAP Boot Camp Program, you will be prepared to take the (ISC)2 Certification exam. You will need to schedule the exam yourself and provide your own transportation to it, and should plan on taking the exam soon after the class. Note that the CAP exam is updated regularly by (ISC)2, and the new version of the Candidate Information Bulletin is effective as of March 13, 2010.

Class Prerequisites

The CAP certification program is targeted at professionals with at least two years of experience in information systems security certification and accreditation. To achieve the CAP credential, you need a minimum of two years of direct full-time information systems security certification and accreditation professional experience in one or more of these five (ISC)² CAP domains:

  • Understanding the Purpose of Certification
  • Initiation of the System Authorization Process
  • Certification Phase
  • Accreditation Phase
  • Continuous Monitoring Phase

What You Will Learn

Upon completing our two-day (ISC)2 CAP Boot Camp you will gain valuable knowledge and skills including the ability to:

  • Understand the Purpose of Certification and Accreditation
  • Define Systems Authorization
  • Describe and Decide When Systems Authorization Is Employed
  • Define Roles and Responsibilities
  • Understand the Legal and Regulatory Requirements for C&A
  • Initiate the C&A Process
  • Establish Accreditation Boundaries
  • Determine Security Categorization
  • Perform Initial Risk Assessment
  • Select and Refine Security Controls
  • Document Security Control
  • Perform Certification Phase
  • Assess Security Control
  • Document Results
  • Understand Accreditation Phase
  • Conduct Final Risk Assessment
  • Generate and Present an Accreditation Report
  • Perform Continuous Monitoring
  • Monitor Security Controls
  • Monitor and Assess Changes That Affect the Information System
  • Perform Security Impact Assessment As Needed
  • Document and Monitor Results of Impact Assessments
  • Re-enter C&A Process As Needed
  • Maintain System Documentation (e.g., POA&M, SSP, Interconnection Agreements)


What’s included?

Fast Lane’s Cyber Security expert instructors come to class prepared with years of experience performing Certification and Accreditation work for multiple federal government agencies.

Only Fast Lane's two-day (ISC)2 CAP® Boot Camp offers the following benefits:

  • Two full days of the best CAP training in the industry
  • First-class exclusive curriculum
  • In-person access to the top security experts in the industry
  • Fast Lane's proprietary practice questions
  • The Fast Lane (ISC)2 CAP Boot Camp Resource Kit: a comprehensive, up-to-date (updated quarterly) compendium of all relevant ISSE publications and related materials referenced within the (ISC)2 Candidate Information Bulletin, available from the Fast Lane Community Site. The exam is constantly changing to reflect the most recent regulatory updates.
  • Patrick Howard’s Building and Implementing a Security Certification and Accreditation Program: OFFICIAL (ISC)2 GUIDE to the CAP CBK (Hardcover)
  • Exam study guidance by a CAP course instructor before and after class
  • Opportunity to re-sit a classroom-based course for up to one year
  • Lunch, beverages and snacks provided on each day of class

Outline: (ISC)2 CAP Boot Camp (ISC2CAPBC)


Understand the Purpose of System Authorization

  • Define Security Authorization
  • Employ Applicable Security Authorization Process
  • Describe and Decide When Security Authorization Is Employed
  • Define Roles and Responsibilities
  • Understand the Legal and Regulatory Requirements For Security Authorization
  • Understand Common Controls and Security Control Inheritance
  • Risk Management Framework (RMF) Phases
  • SDLC and RMF and the Security Authorization Process

Initiate the Preparation Phase

  • The Information System and Security Authorization Boundaries
  • Determine Security Categorization
  • Select and Refine Security Controls
  • Document Security Control
  • Update the Security Plan
  • Develop Plan of Action and Milestones (POA&M)


Perform Execution Phase

  • Assemble Security Authorization Package
  • Determine Risk
  • Determine the Acceptability of the Risk
  • Obtain Security Authorization

Perform Maintenance Phase

  • Monitor Security Controls and Strategy
  • Document Security Impact of Changes
  • Perform Patch Management
  • Understand and Validate Incident Response Process
  • Perform Vulnerability Assessment
  • Address Planned and Unplanned System Changes
  • Follow Change Management Process
  • Respond to Environmental and Legislative Changes
  • Perform Security Impact Assessment As Needed
  • Document Monitoring and Results Of Impact Assessment
  • Re-enter System Authorization Process As Needed
  • Maintain System Documentation
  • Decommission and Remove System

Classroom Training

Duration 3 days

  • United States: US$ 875
Online Training