Certified Authorization Professional (CAP)
Credential: Certified Authorization Professional (CAP)
Credentialing Agency: International Information Systems Security Certification Consortium, Inc. (ISC)²
Renewal Period: 3 years
The International Information Systems Security Certification Consortium, Inc. (ISC)² Certified Authorization Professional (CAP) credential is ideal for IT, information security and information assurance practitioners and contractors seeking to prove their understanding of the Risk Management Framework (RMF). It is evidence that candidates have the advanced knowledge and technical ability to formalize processes to assess risk and establish security documentation. Candidates must pass a written exam and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK).
More information can be found on the certifying agency's website.
MINIMUM REQUIREMENTS
Eligibility Requirements
- Credential Prerequisite
- Experience: 2 years
- Education
- Training
- Membership
- Other
- Fee
Note: This credential may have multiple options for a Service member to meet eligibility requirements. Requirements listed here are based on the minimum degree required. To view other options, see the Eligibility tab.
Exam Requirements
- Exam
- Written Exam
- Oral Exam
- Practical Exam
- Performance Assessment
Exam Administration
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
RECERTIFICATION SUMMARY
Renewal Period: 3 years
AGENCY CONTACT INFORMATION
International Information Systems Security Certification Consortium, Inc. (ISC)²
311 Park Place Blvd
Suite 400
Clearwater, FL 33759
Phone: (866) 331-4722
Fax: (703) 356-7977
Email: communications@isc2.org
Experience REQUIREMENTS
Candidate must have at least two years of cumulative, paid full-time work experience in one or more of the seven domains.
Other REQUIREMENTS
The Certified Authorization Professional (CAP) credential has the following other requirements:
- Candidate must subscribe to the International Information Systems Security Certification Consortium, Inc. (ISC)² Code of Ethics.
- Anyone who passes a CAP exam must have their qualifications endorsed by another (ISC)² credential holder.
Written Exam
- Information Security Risk Management Program (15%)
  - Understand the Foundation of an Organization-Wide Information Security Risk Management Program
  - Understand Risk Management Program Processes
  - Understand Regulatory and Legal Requirements
- Categorization of Information Systems (IS) (13%)
  - Define the Information System (IS)
  - Determine Categorization of the Information System (IS)
- Selection of Security Controls (13%)
  - Identify and Document Baseline and Inherited Controls
  - Select and Tailor Security Controls
  - Develop Security Control Monitoring Strategy
  - Review and Approve Security Plan (SP)
- Implementation of Security Controls (15%)
  - Implement Selected Security Controls
  - Document Security Control Implementation
- Assessment of Security Controls (14%)
  - Prepare for Security Control Assessment (SCA)
  - Conduct Security Control Assessment (SCA)
  - Prepare Initial Security Assessment Report (SAR)
  - Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
  - Develop Final Security Assessment Report (SAR) and Optional Addendum
- Authorization of Information Systems (IS) (14%)
  - Develop Plan of Action and Milestones (POAM)
  - Assemble Security Authorization Package
  - Determine Information System (IS) Risk
  - Make Security Authorization Decision
- Continuous Monitoring (16%)
  - Determine Security Impact of Changes to Information Systems (IS) and Environment
  - Perform Ongoing Security Control Assessments (SCA)
  - Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
  - Update Documentation
  - Perform Periodic Security Status Reporting
  - Perform Ongoing Information System (IS) Risk Acceptance
  - Decommission Information System (IS)
Exam Preparation Resources
There are a number of resources available to help you prepare for the Certified Authorization Professional (CAP) examination:
- Best Sources
- General References
- Related Courses
An additional resource is O'Reilly Learning Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources section on the Related Sites page here on COOL to learn how to get free access.
Testing Information
Exam Administration
Credential exams may be administered in person at a testing site, proctored online remotely, or both. If an exam is administered through a test vendor, the third-party test vendor box is checked. The following test administration options apply to the Certified Authorization Professional (CAP) credential where checked:
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
For more information on the International Information Systems Security Certification Consortium, Inc. (ISC)² testing process, visit the agency website.
Third-Party Test Vendor Information
Testing for this credential is handled by the following vendor:
Pearson VUE
The test centers are located in the U.S., including some on military bases.
To find out more, use the following links on the Pearson VUE website:
- Search for Testing Program
- Learn About Testing for Military Communities
- Agency/Certification Specific Testing Information
- Contact Pearson VUE
RECERTIFICATION
Renewal Period: 3 years
Additional considerations for the Certified Authorization Professional (CAP) include:
- A candidate who doesn't yet have the required experience to become a CAP may become an Associate of (ISC)² after successfully passing the CAP exam. The Associate of (ISC)² will then have three years to earn the experience needed for CAP certification.