Certified Authorization Professional
Prove Your Security Expertise Within the Risk Management Framework (RMF)
You’re constantly on the lookout for system risks and vulnerabilities. Take your commitment to security assessment and authorization to a new level with the CAP certification. This leading information security certification proves you’re an expert aligning information systems with the Risk Management Framework (RMF).
The CAP certification covers the RMF at an extensive level. And it’s the only certification under the DoD8570 Mandate that aligns to each of the RMF steps.
The CAP shows you have the knowledge, skills and abilities to authorize and maintain information systems within the RMF. Specifically, it validates that you know how to formalize processes to assess risk and establish security documentation throughout the entire lifecycle of a system.
Start on the path to your CAP today.
Get To Know The CAP
Get the Needed Experience
To qualify for the CAP certification, you must have:
- A minimum of two years cumulative, paid, full-time work experience
- In one or more of the seven domains of the CAP Common Body of Knowledge (CBK)
Don’t have enough work experience yet? You can take and pass the CAP exam to earn an Associate of (ISC)2 designation. Then, you’ll have up to three years to earn your required work experience for the CAP.
Create an Account at Pearson VUE and Schedule Your Exam
To schedule an exam, you must create an account at Pearson VUE. Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website. Once you’ve set up your account and are ready to register, you’ll need to:
- Complete the Examination Agreement. You agree to the truth of your assertions regarding professional experience. You also legally commit to the adherence of the (ISC)² Code of Ethics.
- Review the Candidate Background Questions.
- Pay the exam fee.
Pass the Exam
This is the day to show your greatness! You’ll have three hours to complete the 125 exam questions. You must pass the exam with a scaled score of 700 points or greater. Want more details? Read the exam scoring FAQs.
Subscribe to the (ISC)² Code of Ethics and Get Endorsed
Let’s say you pass the exam. Then what? Before this cybersecurity certification can be awarded, you have to:
- Subscribe to the (ISC)² Code of Ethics.
- Have your application endorsed.
Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience. (ISC)² can endorse you if you can’t find a certified individual You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified. Want to learn more? Read the endorsement assistance guidelines.
Whether you’re in DoD cybersecurity or you protect a private company, there are a number of reasons to earn your CAP certification:
- Credibility and marketability. Earning the CAP is a powerful way to validate your knowledge. It shows you thoroughly understand information security and risk management processes and procedures. You’ll stand out and be more competitive.
- Better opportunities. Holding the CAP certification makes you more versatile. It can help you move up and advance your career. If you’re a contractor, it can lead to better choice in assignments.
- Growth and learning. From exam prep to continuing education, the CAP offers many ways to expand your knowledge. You can stay up-to-date with new technologies and risks.
- Increased compensation. While pay practices vary, many CAPs find that this certification leads to increases in salary.
What the Industry Is Saying About the CAP
- Listed on the Certification Salary Survey 75 list with an annual salary of USD$124,610 in 2016 — Certification Magazine
The CAP is ANSI-Accredited
The CAP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website for details.
The CAP is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in:
- The U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD)
- The military
- Civilian roles, such as federal contractors
- Local governments
- Private sector organizations
Earning your CAP is an excellent step if you need to:
- Understand the RMF process in detail — including how to apply it in your organization. Or, you need to fill gaps in your knowledge. No other certification is as comprehensive!
- Validate your knowledge, so you can move up within your organization or get better choices in projects.
- Meet your organization’s information security certification requirements. For example, you’re moving to a new position that has DoD cybersecurity mandates.
- Keep your knowledge fresh about new technologies and threats.
Many who pursue the CAP are:
- ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues.
- Executives who must “sign off” on Authority to Operate (ATO).
- Inspector generals (IGs) and auditors who perform independent reviews.
- Program managers who develop or maintain IT systems.
- IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management.
The exam outline is a free resource that details the major topics and subtopics within the domains that are covered on the CAP exam. Reviewing this outline will help you determine which topics you may feel less confident about and develop a study plan around those topics. Note: Effective October 15, 2018, the CAP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the CAP Exam Outline and our CAP FAQs for details.
Prepare for your CAP exam through a combination of training courses and individual study. And learn from (ISC)2 — the creator of the CAP CBK! Simply choose the best training format for your schedule, needs and learning style.
- Ideal for hands-on learners. We offer the most thorough review of the CAP CBK, industry concepts and best practices.
- Five-day training event delivered in a classroom setting. Eight hours a day.
- Led by authorized instructors.
Private On-Site Training
- A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
- Tailored to your team’s schedule, budget and certification requirements.
- Conveniently taught in your office space or a local venue.
- Led by authorized instructors.
CAP Training Course Overview
Our training helps you fully prepare for this cloud security certification. You will:
- Review, refresh and expand your cloud security knowledge.
- Identify areas you need to study for the CAP exam.
You can expect an in-depth review of the seven domains of the CAP CBK — including discussion of industry best practices and timely security concepts. (ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK. Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.
In addition to training, (ISC)² offers resources to help you with self-study. Resources include:
Once you’ve earned this RMF certification, you become a member of (ISC)². You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking. Quite simply, you have endless opportunities to grow and refine your craft. But certification is a privilege that must be earned and maintained. To remain in good standing with your CAP, you need to:
- Abide by the (ISC)² Code of Ethics.
- Earn and post Continuing Professional Education (CPE) credits.
- Pay your Annual Maintenance Fee (AMF).
Here’s a closer look at each.
Abiding by the (ISC)² Code of Ethics
You agree to fully support and follow the (ISC)² Code of Ethics.
Earning and Posting CPE Credits
Cybersecurity is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise. Over the three-year CAP certification cycle, you must earn and post a minimum of 60 CPE credits. CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis.
(ISC)² offer access to:
- Live educational events around the world.
- Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
- And many more learning opportunities.
Paying Annual Maintenance Fees (AMFs)
Once you earn this RMF certification, you must pay USD$65 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date. Your payments help ensure that (ISC)2 has the financial resources to:
- Be a functional, dynamic entity for leading information security and IT professionals (like you) far into the future.
- Develop more CPE opportunities.
- Continue to meet the certification needs and requirements of information security professionals.
- Maintain member records.
How to Regain Membership if Your CAP Ends
If you wish to regain membership, you’ll need to:
- Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
- Retake and pass the exam to become certified again.
- Contact Member Services to reactivate your certification after you pass the exam.
Do you have questions about maintaining your CAP certification? Ask Member Services.