The Official ISC2 Training Seminar for the Certified in Governance, Risk and Compliance (CGRC) certification provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework.

What You'll Learn

After completing this course, the student will be able to:

• Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF).
• Apply common elements of other risk management frameworks using the RMF as a guide.
• Describe the roles associated with the RMF and how they are assigned to tasks within the RMF.
• Execute tasks within the RMF process based on assignment to one or more RMF roles.
• Explain organizational risk management and how it is supported by the RMF.

Who Should Attend

This course is for individuals planning to pursue the CAP certification. The CAP is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organizations.

Prerequisites

There are no prerequisites.

This course covers the following chapters and learning objectives:

Chapter 1: Prepare (10 Modules)
• Explain the purpose and value of preparation.
• Identify references associated with the Prepare step.
• Identify other risk management frameworks and their relationship to RMF tasks.
• Identify relevant security and privacy regulations.
• List the references, processes and outcomes that define:
  o RMF Task P-1: Risk Management Roles
  o RMF Task P-2: Risk Management Strategy
  o RMF Task P-3: Risk Assessment – Organization
  o RMF Task P-14: Risk Assessment – System
  o RMF Task P-4: Organizationally Tailored Control Baselines and Cybersecurity Framework Profiles
  o RMF Task P-5: Common Control Identification
  o RMF Task P-6: Impact-Level Prioritization
  o RMF Task P-7: Continuous Monitoring Strategy – Organization
  o RMF Task P-8: Mission or Business Focus
  o RMF Task P-9: System Stakeholders
  o RMF Task P-10: Asset Identification
  o RMF Task P-11: Authorization Boundary
  o RMF Task P-12: Information Types
  o RMF Task P-13: Information Life Cycle
  o RMF Task P-15: Requirements Definition
  o RMF Task P-16: Enterprise Architecture
  o RMF Task P-17: Requirements Allocation
  o RMF Task P-18: System Registration
• Complete selected Prepare Tasks for the example system.
Chapter 2: Categorize (5 Modules)
• Explain the purpose and value of categorization.
• Identify references associated with the Categorize step.
• List the references, processes and outcomes that define Risk Management Framework (RMF) Task C-1: System Description.
• Describe a system’s architecture.
• Describe an information system’s purpose and functionality.
• Describe and document a system’s characteristics.
• List the references, processes and outcomes that define RMF Task C-2: Security Categorization.
• Categorize an information system.
• List the references, processes and outcomes that define RMF Task C-3: Security Categorization Review and Approval.
• Describe the review and approval process for security categorization.
• Categorize the example systems.
Chapter 3: Select (7 Modules)
• Explain the purpose and value of control selection and allocation.
• Identify references associated with the Select step.
• Relate the ISO 27001 Statement of Applicability to the NIST RMF.
• List the references, processes and outcomes that define RMF Task S-1: Control Selection.
• List the references, processes and outcomes that define RMF Task S-2: Control Tailoring.
• Select appropriate security control baselines based on organizational guidance.
• Tailor controls for a system within a specified operational environment.
• List the references, processes and outcomes that define RMF Task S-3: Control Allocation.
• List the references, processes and outcomes that define RMF Task S-4: Documentation of Planned Control Implementations.
• Allocate security and privacy controls to the system and to the environment of operation.
• Document the controls for the system and environment of operation in security and privacy plans.
• List the references, processes and outcomes that define RMF Task S-5: Continuous Monitoring Strategy – System.
• Develop and implement a system-level strategy for monitoring control effectiveness that is consistent with and supplements the organizational continuous monitoring strategy.
• List the references, processes and outcomes that define RMF Task S-6: Plan Review and Approval.
• Review and approve the security and privacy plans for the system and the environment of operation.
• Allocate security controls for the example system.
• Tailor security controls for the example system.
• Draft a continuous monitoring plan for the example system.
Chapter 4: Implement (5 Modules)
• Explain the purpose and value of implementation.
• Identify references associated with the Implement step.
• List the references, processes and outcomes that define RMF Task I-1: Control Implementation.
• Identify appropriate implementation guidance for control frameworks.
• Integrate privacy requirements with system implementation.
• List the references, processes and outcomes that define RMF Task I-2: Update Control Implementation Information.
• Update a continuous monitoring strategy.
• Update a control implementation plan.
Chapter 5: Assess (6 Modules)
• Explain the purpose and value of assessment.
• Identify references associated with the Assess step.
• Understand and identify common elements of the NIST process that are included in other frameworks and processes.
• List the references, processes and outcomes that define RMF Task A-1: Assessor Selection.
• List the references, processes and outcomes that define RMF Task A-2: Assessment Plan.
• List the references, processes and outcomes that define RMF Task A-3: Control Assessment.
• List the references, processes and outcomes that define RMF Task A-4: Assessment Reports.
• List the references, processes and outcomes that define RMF Task A-5: Remediation Actions.
• List the references, processes and outcomes that define RMF Task A-6: Plan of Action and Milestones.
• Develop an assessment plan for identified controls in the example system.
• Develop a remediation plan for unsatisfied controls in the example system.
Chapter 6: Authorize (6 Modules)
• Explain the purpose and value of authorization.
• Identify references associated with the Authorize step.
• Relate system approvals under organizational processes to the concepts applied in the NIST RMF.
• List the references, processes and outcomes that define RMF Task R-1: Authorization Package.
• List the references, processes and outcomes that define RMF Task R-2: Risk Analysis and Determination.
• List the references, processes and outcomes that define RMF Task R-3: Risk Response.
• List the references, processes and outcomes that define RMF Task R-4: Authorization Decision.
• List the references, processes and outcomes that define RMF Task R-5: Authorization Reporting.
• Develop a risk determination for the example system on the system risk level.
• Authorize the system for operation.
• Determine appropriate elements for the Authorization decision document for the example system.
Chapter 7: Monitor (8 Modules)
• Explain the purpose and value of monitoring.
• Identify references associated with the Monitor step.
• List the references, processes and outcomes that define RMF Task M-1: System and Environment Changes.
• Coordinate and integrate cybersecurity risk management with organizational change management.
• List the references, processes and outcomes that define RMF Task M-2: Ongoing Assessments.
• Monitor risks associated with the supply chain.
• List the references, processes and outcomes that define RMF Task M-3: Ongoing Risk Response.
• Understand elements for communication surrounding a cyber event.
• List the references, processes and outcomes that define RMF Task M-4: Authorization Package Updates.
• List the references, processes and outcomes that define RMF Task M-5: Security and Privacy Reporting.
• List the references, processes and outcomes that define RMF Task M-6: Ongoing Authorization.
• List the references, processes and outcomes that define RMF Task M-7: System Disposal.
• Discuss Monitor step activities in the example system.
Chapter 8: CAP Certification Information
This chapter covers important information about the experience requirements for the Certified Authorization Professional (CAP) certification and ISC2 exam policies and procedures. Details were based on information as of August 2021. It is recommended that learners go to the ISC2 website www.isc2.org for the most up-to-date information on certification requirements and the exam process.

CGRC Certification

Frequently Asked Questions (FAQs)

  • Why get ISC2 certified?

    ISC2 certifications are globally recognized and demonstrate your expertise and commitment to the highest standards of cybersecurity practice.

    These certifications can enhance your career prospects, increase your earning potential, and open doors to leadership positions in the cybersecurity industry.


  • What to expect for the examination?

    ISC2 exams are comprehensive assessments that test your knowledge and understanding of cybersecurity concepts, principles, and best practices.

    Exam formats may include multiple-choice questions, scenario-based questions, and advanced innovative item types.

    Note: Certification requirements and policies may be updated by ISC2 from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is ISC2 certification valid for?

    ISC2 certifications are typically valid for three years.

    To maintain your certification, you must earn and submit Continuing Professional Education (CPE) credits annually, pay the annual maintenance fee, and comply with the annual CPE audit if selected.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.
