ISC2 Governance, Risk, and Compliance Certification (CGRC™) Training Boot Camp (previously CAP®)

The ISC2 Certified in Governance, Risk, and Compliance (CGRC™), previously known as Certified Authorization Professional (CAP®), teaches you the best practices, policies, and procedures used to authorize and maintain information systems. You will learn how to use the Risk Management Framework (RMF) to support your organization's operations while complying with legal and regulatory requirements.

3 Days
Open Enrollment
Offered in partnership with your preferred school

George Mason University

Course code: LBC102

What you will learn

  • Initiating the authorization process
  • Establishing authorization boundaries
  • Determining security categorization
  • Performing initial risk assessment
  • Selecting and refining security controls
  • Documenting security controls
  • Performing certification phase
  • Assessing security controls
  • Documenting results
  • Conducting final risk assessments
  • Generating and presenting an authorization report
  • Performing continuous monitoring
  • Monitoring security controls
  • Monitoring and assessing changes that affect the information system
  • Performing security impact assessment as needed
  • Documenting and monitoring results of impact assessments

How you will benefit

  • Learn how to use the RMF to support your organization's operations while complying with legal and regulatory requirements
  • Focus on preparing for the CGRC certification exam through drill sessions, review of the entire CAP Body of Knowledge, and practical question and answer scenarios—all following a high-energy seminar approach
  • The CGRC is the only certification under the DoD 8570 mandate that aligns with each RMF step
  • Show employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies, and procedures
  • The CGRC certification is sought after by civilian, state, and local governments, as well as system integrators supporting these organizations
  • Leave with the knowledge and skills necessary to earn your ISC2 CGRC certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements

How the course is taught

  • Live Online, Instructor-Moderated
  • 3 Days to complete Boot Camp
  • 90-day extended access to all boot camp materials
  1. Day 1
    1. Risk Management Framework
      1. Understanding the Risk Management Framework
      2. Categorization of information system
      3. Selection of security controls
      4. Security control implementation
      5. Security control assessment
      6. Information system authorization
      7. Monitoring of security controls
    2. Risk Management Framework Processes
  2. Day 2
    1. Categorize Information Systems
      1. Information system
      2. System security plan
      3. Categorize a system
      4. National security system
      5. Privacy activities
      6. System boundaries
      7. Register system
    2. Select Security Controls
      1. Establish the security control baseline
      2. Common controls and security controls inheritance
      3. Risk assessment as part of the Risk Management Framework (RMF)
  3. Day 3
    1. Implement Security Controls
      1. Implement selected security controls
      2. Tailoring of security controls
      3. Document security control implementation
    2. Assess Security Controls
      1. Prepare for security control assessment
      2. Establish security control assessment plan (SAP)
      3. Determine security control effectiveness and perform testing
      4. Develop initial security assessment report (SAR)
      5. Perform initial remediation actions
      6. Develop final security assessment report and addendum
    3. Authorize Information Systems
      1. Develop plan of action and milestones (POAM)
      2. Assemble security authorization package
      3. Determine risk
      4. Determine the acceptability of risk
      5. Obtain security authorization decision
    4. Monitor Security State
      1. Determine security impact of changes to system and environment
      2. Perform ongoing security control assessments
      3. Conduct ongoing remediation actions
      4. Update key documentation
      5. Perform periodic security status reporting
      6. Perform ongoing risk determination and acceptance
      7. Decommission and remove system

Boot camp

Boot camps are led by instructors who have years of industry experience and are recognized as subject matter experts.

Prerequisites:

This course is intended for information system security officers, senior system managers, system administrators, and IT and information security professionals who use the RMF.

Certification Requirements:

In order to meet the CGRC certification requirements, you must have at least two years of paid work experience in at least one of the seven domains listed in the ISC2 CGRC™ Common Body of Knowledge (CBK). However, you can become an Associate of ISC2 by passing the exam without the required work experience.

Requirements:

Hardware Requirements:

  • This course can be taken on a PC, Mac, or Chromebook.
  • A microphone.
  • Speakers.
  • A webcam.

Software Requirements:

  • PC: Windows 7 or later.
  • Mac: macOS 10.7 or later.
  • Browser: The latest version of Google Chrome or Mozilla Firefox is preferred. Microsoft Edge and Safari are also compatible.
  • Microsoft Word Online
  • Adobe Acrobat Reader
  • Zoom Meetings
  • Software must be installed and fully operational before the course begins.

Other:

  • Email capabilities and access to a personal email account.

Instructional Material Requirements:

The student materials required for this course are included in enrollment and will be available online.

The Certified in Governance, Risk, and Compliance (CGRC), previously known as Certified Authorization Professional (CAP certification), is designed to help you demonstrate to employers that you have the skills to advocate for the security risk management of the organization in accordance with legal and regulatory requirements. This allows you to pursue information security authorization as an information security practitioner.

According to Burning Glass Technologies, an analytics software company that provides real-time data on job growth, skills in demand, and labor market trends, the salary of IT professionals with Certified in Governance, Risk, and Compliance certification can vary based on location and experience level. However, once you have completed the CGRC (previously CAP) program, on average, you can expect to earn an annual salary of $88,450.

Yes, you will be prepared for the ISC2 CGRC™ – Certified in Governance, Risk, and Compliance exam. To sit for the exam, you will need to meet the following requirements:

  • At least two years of paid work experience in at least one of the seven domains listed in the ISC2 CGRC Common Body of Knowledge (CBK)
  • However, you can become an Associate of ISC2 by passing the exam without the required work experience.

You can register for the boot camp whenever you are ready. Our team will help you select the session that will best fit you.

The boot camp is 3 days in length. You will have 3 months from the completion of the boot camp to access all boot camp materials.

The boot camp instructor will be available during the session to answer any questions. You will also have access to the Infosec Skills platform, where you will be able to create support requests as needed.

Upon successful completion of your boot camp session, you will be awarded a certificate of completion from Infosec and the school or organization that you registered through.

ed2go courses will help you gain the skills and knowledge you need to take the next step in your career and stand out to potential employers. However, you should always research the job market in your area before enrolling.

ed2go courses are non-credit, so they do not qualify for federal aid, FAFSA, or Pell Grants. In some states, vocational rehab or workforce development boards may provide funding to take our courses. Additionally, you may qualify for financial assistance if you meet certain requirements.

If you have questions that are not answered on our website, representatives are available via live chat. You can also call us at 1-877-221-5151 during regular business hours to have your questions promptly answered. If you are visiting us during non-business hours, please send us a question using "Contact Us."