ISC2 CGRC® Training Boot Camp (previously CAP)

Transform your career in 3 days

Learn how to maintain and authorize information systems within the NIST Risk Management Framework (RMF). You’ll leave this boot camp with the knowledge and domain expertise needed to pass the Certified in Governance, Risk and Compliance (CGRC) exam the first time you take it.

4.6 (738 ratings)

Affirm Financing available
Exam Pass Guarantee

Course essentials

ISC2 CGRC® training at a glance

  • Method

    Online, in-person, team onsite

  • Duration

    3 days

  • Experience

    1-3 years of experience

  • Average salary

    $115,559

  • Meets 8570.1

    DoD information assurance requirements

What you'll learn

Training overview

Infosec’s CGRC Boot Camp teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.

The ISC2 Certified in Governance, Risk and Compliance (CGRC) certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your ISC2 CGRC certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.

Who should attend

Who Should Attend Image
  • Information system security officers
  • Senior system managers
  • System administrators
  • IT and information security professionals who use the RMF
  • Anyone looking to learn more about the NIST-based information systems security authorization process

Award-winning training you can trust

Ready to discuss your training goals? We've got you covered.

Complete the form and book a meeting with a member of our team to explore your learning opportunities.

Sorry, we're unable to load the form at the moment. Please check your browser's settings to confirm the form is not blocked. You can contact us and report the issue here: infosec.info@cengage.com.

Step 1

Step 2

Finish

Step 1

Step 2

Finish

Thanks! We look forward to meeting with you!

What's included

Everything you need to know about Governance, Risk and Compliance Certification (CGRC)

Certification Logo
  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

What makes the Infosec CGRC prep course different?

You can rest assured that the GRC training and certification materials are fully updated and synced with the latest version of the exam. In addition, you’ll gain access to a CGRC prep course the moment you enroll, so you can prepare for and get the most out of your boot camp.

 

With 20 years of training experience, we stand by our CGRC ISC2 training with an Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we’ll pay for your second exam at no additional cost to you!

Before your boot camp

Prerequisites

In order to obtain the Cybersecurity Governance, Risk and Compliance certification certification, you must:

  • Have at least two years of paid work experience in at least one of the seven domains listed in the ISC2 CGRC Common Body of Knowledge (CBK)

However, you can become an Associate of ISC2 by passing the exam without the required work experience.

Syllabus

ISC2 CGRC Training schedule

Preparation (before the boot camp starts)
Infosec Skills 90 day subscription logo

CGRC prep course

Day 1
Morning session

Introduction

Risk Management Framework

  • Understanding the Risk Management Framework
  • Categorization of information system
  • Selection of security controls
  • Security control implementation
  • Security control assessment
  • Information system authorization
  • Monitoring of security controls
Afternoon session

Risk Management Framework continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

Categorize information system

  • Information system
  • System security plan
  • Categorize a system
  • National security system
  • Privacy activities
  • System boundaries
  • Register system
Afternoon session

Select security controls

  • Establish the security control baseline
  • Common controls and security controls inheritance
  • Risk assessment as part of the Risk Management Framework (RMF)
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 3
Morning session

Implement security controls

  • Implement selected security controls
  • Tailoring of security controls
  • Document security control implementation

Assess security controls

  • Prepare for security control assessment
  • Establish security control assessment plan (SAP)
  • Determine security control effectiveness and perform testing
  • Develop initial security assessment report (SAR)
  • Perform initial remediation actions
  • Develop final security assessment report and addendum
Afternoon session

Authorize information system

  • Develop plan of action and milestones (POAM)
  • Assemble security authorization package
  • Determine risk
  • Determine the acceptability of risk
  • Obtain security authorization decision

Monitor security state

  • Determine security impact of changes to system and environment
  • Perform ongoing security control assessments
  • Conduct ongoing remediation actions
  • Update key documentation
  • Perform periodic security status reporting
  • Perform ongoing risk determination and acceptance
  • Decommission and remove system
Evening session

Optional group & individual study

Schedule may vary from class to class

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.

You're in good company

EH

The instructor was able to take material that prior to the class had made no sense, and explained it in real world scenarios that were able to be understood.

Erik Heiss, United States Air Force
MJ

I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.

Michelle Jemmott, Pentagon
RC

The course was extremely helpful and provided exactly what we needed to know in order to successfully navigate the exam. Without this I am not confident I would have passed.

Robert Caldwell, Salient Federal Solutions

Enroll in a boot camp

January 22, 2025 - January 24, 2025

Online only | Start time: 8:30 AM (Central)

March 11, 2025 - March 13, 2025

Online only | Start time: 8:30 AM (Central)

April 23, 2025 - April 25, 2025

Online only | Start time: 8:30 AM (Central)

May 28, 2025 - May 30, 2025

Online only | Start time: 8:30 AM (Central)

July 9, 2025 - July 11, 2025

Online only | Start time: 8:30 AM (Central)

September 3, 2025 - September 5, 2025

Online only | Start time: 8:30 AM (Central)

October 15, 2025 - October 17, 2025

Online only | Start time: 8:30 AM (Central)

November 24, 2025 - November 26, 2025

Online only | Start time: 8:30 AM (Central)

December 15, 2025 - December 17, 2025

Online only | Start time: 8:30 AM (Central)