RMF-CAP Certification Training


$2,495.00 Per Enrollment

Price Includes:

Courseware and ‘Price & Quality Guarantee’

This (ISC)² RMF-CAP certification training course is aimed at anyone working in, or planning to work in, mid- to higher-level management positions governing information risk and security.

CAP certification maps closely to the NIST Risk Management Framework (RMF) providing candidates a way to validate their understanding of this essential federal risk management process.

Particularly beneficial for federal government employees, where RMF is mandatory, this course will also benefit similar positions in private organizations that are increasingly integrating all or part of the RMF process into their operations.

Led by an (ISC)² skilled instructor, the CAP certification training class provides a comprehensive review of information systems security concepts and industry best practices, covering the 7 domains of the CAP.

CAP certification satisfies DOD 8570 IAT IAM Level I


Got Questions?

For more information about your specific needs, call us at (301) 220 2802 or complete the form below:

No classes currently scheduled, please call for more information.



    Class Schedule

    • Greenbelt & Live-Online

      05/30/23 - 06/02/23

       Tue-Fri (8:30am-5pm)

    • Greenbelt & Live-Online

      07/24/23 - 07/27/23

       Mon-Thu (8:30am-5pm)

    • Greenbelt & Live-Online

      09/25/23 - 09/28/23

       Mon-Thu (8:30am-5pm)

    • Greenbelt & Live-Online

      11/06/23 - 11/09/23

       Mon-Thu (8:30am-5pm)

    Get your RMF-CAP Certification Training in our convenient IT training centers in Maryland or Virginia.


    What is RMF?

    The Risk Management Framework (RMF) was created by the National Institute of Standards and Technology (NIST) to help secure Federal information systems. The framework provides standards, processes, and guidelines for risk management in securing computers and networks.

    RMF is a highly structured process that incorporates information security, risk management, and privacy activities into a seven-step system development cycle:

    • Prepare – Setting up the RMF by defining context and priorities for managing privacy and security at the system and organizational levels
    • Categorize – Conduct an impact analysis to determine the chosen information system and the data stored in, processed by, and transmitted by that system
    • Select – Based on the security categorization determine baseline security controls for the chosen information system
    • Implement – Action the previously determined security controls
    • Assess – Have a third party review the security controls and have them ensure those controls are applied to the system properly
    • Monitor – Continuously review security controls within the information system based on the previously documented processes

    While RMF is primarily used throughout the Federal government, some private companies have adopted all or part of the RMF process so that their operations dovetail neatly with their government contracts. More commonly, however, many private companies have adopted NIST's Cybersecurity Framework (CSF), elements of which also align with RMF.


    What is CAP and How is it Related to RMF?

    Certified Authorization Professional (CAP) is an IT certification offered by (ISC)². Aimed primarily at information security practitioners, CAP certification maps closely to the NIST Risk Management Framework (RMF), providing a way for IT professionals to prove their knowledge of this important federal risk management process.

    CAP training and certification is particularly important for anyone working for the US federal government, but also for those people in private businesses that work or are hoping to work on government contracts. Many organizations around the Washington DC region, including Maryland and Virginia, have adopted all or part of the RMF process in their day-to-day operations.


    If you're looking to progress up the cybersecurity chain of command in an organization, you'll need to delve deeper into risk management. RMF-CAP training and certification will prove that you understand the fundamentals of this critical management function and ready you for executive-level positions when the time comes.

    Once you have your security basics down, maybe attained CompTIA Security+, but certainly gained several years' experience in IT, RMF-CAP training will take you to the next level and prepare you for management roles.

    TrainACE's RMF/CAP course is designed for IT professionals with some experience in information security. You will be a practitioner who champions system security commensurate with an organization’s mission and risk tolerance while meeting legal and regulatory requirements.

    RMF-CAP training mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III. Led by a qualified (ISC)² instructor, the CAP training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the 7 domains of the CAP.

    Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open-ended questions from the instructor to the students, group assignments, matching and poll questions, group activities, open/closed questions, and group discussions. Each activity was developed to support the learning appropriate to the course topic.

    Organizations of all sizes in the Washington DC region understand the importance of information security and continue to invest large sums in relevant technology and skilled personnel. This investment has been validated by the fact that numerous government employees in Information Assurance (IA) positions, and any contractors who serve IA functions, are now required to have a CAP certification. This requirement was initiated as part of the DoD-8570 directive and directly applies to entry and mid-level IT personnel.

    At TrainACE, our (ISC)² classes are taught by certified IT security professionals in Maryland, Virginia, or DC with a minimum of 3 years of teaching experience. Our instructors are also required to have IT security and cybersecurity experience along with additional, supplementary certifications and continued education in the industry. All classes are 32 hours long and available as daytime, evening, or weekend schedules.

    Sign up today for our convenient 5-day RMF-CAP boot camp!


    What you need to know before taking RMF-CAP training


    (ISC)² RMF-CAP is a mid-level certification that requires a minimum of two years of documented experience in one or more of the seven CAP domains. You may take the certification exam prior to completing the experience requirement, but you must then complete the experience requirement in order to gain full accreditation.

    This RMF-CAP Bootcamp is appropriate for managers, system owners, and IT/security personnel who are either transitioning to or implementing risk management fundamentals for the first time.


      What Are the Benefits of RMF-CAP Certification in DC?

      With a large concentration of government and military organizations around the Washington DC region, the advantage of gaining mid-level risk management skills should be fairly self-evident. Anyone looking to climb the cybersecurity or risk management career ladder can do well in a region where many security-conscious organizations are based.

        How Long Does RMF-CAP Training Take?

        TrainACE’s RMF-CAP training and certification course is a four-day deep dive into risk management knowledge. It will set you on a path to the large-scale risk management planning required by higher-level security positions.

        Exam and Certification Requirements:

        For full accreditation, you must have at least two years of cumulative paid work experience in at least one of the seven domains of the CAP Common Body of Knowledge.

        Current CAP exam:

        • 3 hours
        • 125 questions
        • Passing Score 700 out of 1000 points


        Is RMF-CAP Certification Worth It?

        If you work, or intend to work, for the US government or military in any type of information assurance role, being able to validate that you understand RMF processes is essential. Getting your CAP certification is the best way to do that and is certainly worth it.

        Outside of the federal workforce, RMF is increasingly being adopted by companies that work with the government. This is particularly true around Washington DC, Maryland, and Virginia, where a large proportion of IT companies are taking on government contracts that require security-aware technicians.

        Having a CAP level of certification not only proves you understand the technical aspects of risk management but carries with it the assurance that you have a number of years of experience working in the IT security field.


        What will I learn in this RMF-CAP class?

        Topics & Concepts Covered in Our RMF/CAP Training Include:

        • Risk Management Process & Framework

        • Information Security, FISMA, C&A

        • System Identification (SIP)

        • Risk & Its Relation to Threat, Vulnerability & Control Relationships

        • Assessment & Accreditation Process

        • Configuration Management

        • Security Assessment and Authorization

        This training course will help candidates review and refresh their information security knowledge and identify areas they need to study for the CAP exam. It features:

        • Approved (ISC)² courseware

        • Taught by an authorized (ISC)² instructor

        • Student handbook

        • Collaboration with classmates

        • Real-world learning activities and scenarios