Certified in Governance, Risk and Compliance
- Course Code CGRC
- Duration 5 days
Course Delivery
This course is available in the following formats:
- Company Event: Event at company
- Public Classroom: Traditional Classroom Learning
Request this course in a different delivery format.
Course Overview
The Official (ISC)²® Certified Authorization Professional (CAP®) training provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CAP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK®).
As an (ISC)² Official Training Provider, we use courseware developed by (ISC)², creator of the CAP CBK, to ensure your training is relevant and up-to-date. Our instructors are verified security experts who hold the CAP and have completed intensive training to teach (ISC)² content.
Please Note: An exam voucher is included with this course.
Target Audience
This training is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:
- The military
- Civilian roles, such as federal contractors
- Local governments
- Private sector organizations
Course Objectives
After completing this course you should be able to:
- Describe the historical legal and business considerations that required the development of the Risk Management Framework (RMF), including related mandates.
- Identify key terminology and associated definitions.
- Describe the RMF components, including the starting point inputs (architectural description and organization inputs).
- Describe the core roles defined by the RMF, including primary responsibilities and supporting roles for each RMF step.
- Describe the core federal statutes, OMB directives, information processing standards (FIPS) and Special Publications (SP), and Department of Defense and Intelligence Community instructions that form the legal mandates and supporting guidance required to implement the RMF.
- Identify and understand the related processes integrated with the RMF.
- Identify key references related to RMF Step 1 – Categorize Information Systems.
- Identify key references related to RMF Step 2 – Select Security Controls.
- Identify key references related to RMF Step 3 – Implement Security Controls.
- Identify key references related to RMF Step 4 – Assess Security Controls.
- Identify key references related to RMF Step 5 – Authorize Information System.
- Identify key references related to RMF Step 6 – Monitor Security Controls.
Course Content
- Domain 1: Information Security Risk Management Program
- Domain 2: Categorization of Information Systems (IS)
- Domain 3: Selection of Security Controls
- Domain 4: Implementation of Security Controls
- Domain 5: Assessment of Security Controls
- Domain 6: Authorization of Information Systems (IS)
- Domain 7: Continuous Monitoring
Course Prerequisites
Attendees should meet the following prerequisites:
- At least one full year of experience using the federal Risk Management Framework (RMF) or comparable experience gained from the ongoing management of information system authorizations, such as ISO 27001.
Test Certification
Recommended as preparation for the following exams:
- (ISC)² Certified Authorization Professional.
Candidates must have a minimum of 2 years cumulative work experience in 1 or more of the 7 domains of the CAP CBK.
A candidate who doesn't have the required experience to become a CAP may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have 3 years to earn the 2-year required experience.