Certified Authorization Professional (CAP®)

CAP Overview
The Certified Authorization Professional (CAP) is an information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. CAP confirms an individual’s knowledge, skill, and experience required for authorizing and maintaining information systems within the Risk Management Framework as outlined in NIST SP 800-37 Rev 1.

What You'll Learn
Understand risk management program processes
Understand regulatory and legal requirements
Define Information System (IS) and determine Categorization of the IS
Selection of Security Controls
Implement selected security controls
Prepare for and conduct Security Control Assessment
Prepare and review Security Assessment Report
Develop Plan of Action and Milestones (POAM)
Determine IS risks

Domains Effective October 15, 2018
1. Information Security Risk Management Program
2. Categorization of Information Systems (IS)
3. Selection of Security Controls
4. Implementation of Security Controls
5. Assessment of Security Controls
6. Authorization of Information Systems (IS)
7. Continuous Monitoring

Experience Requirements
Candidates must have a minimum of 2 years cumulative work experience in 1 or more of the 7 domains of the CAP CBK.
A candidate that doesn’t have the required experience to become a CAP may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have 3 years to earn the 2 year required experience.