The Certified Authorization Professional (CAP) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance with legal and regulatory requirements.
The broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) ensures its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:
- Information Security Risk Management Program
- Categorization of Information Systems (IS)
- Selection of Security Controls
- Implementation of Security Controls
- Assessment of Security Controls
- Authorization of Information Systems (IS)
- Continuous Monitoring
Candidates must have a minimum of 2 years cumulative work experience in 1 or more of the 7 domains of the CAP CBK.
A candidate who doesn’t have the required experience to become a CAP may become an Associate of (ISC)2 by successfully passing the CAP examination. The Associate of (ISC)2 will then have 3 years to earn the 2 years of required experience.
CAP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
CAP Examination Information
- Length of exam: 3 hours
- Number of questions: 125
- Question format: Multiple choice