CAP (Certified Authorization Professional) Certification Overview


Are you looking to build your career and demonstrate your expertise in information security and the Risk Management Framework (RMF)? Do you want to differentiate yourself with employers and/or clients? The Certified Authorization Professional (CAP) certification, established by (ISC)2, helps security practitioners like you prove their knowledge and advanced technical skills to maintain and authorize information systems within the RMF.

It does this by using the best practices, policies and procedures developed by the (ISC)2 cybersecurity experts. CAP’s Common Body of Knowledge (CBK) follows the guidelines given in the NIST SP 800-37 Rev. 1 document. CAP is also the only certification approved by the U.S. Department of Defense (DoD)’s DoD8570 regulation.

The CAP certification was first introduced in 2005. Since then, around 125,000 cybersecurity professionals have been certified. The CAP CBK was recently changed, and the changes take effect on October 15th, 2018.

What Are the CAP Requirements?

Before applying for the CAP certification exam, you must have at least two years of cumulative, full-time, paid work experience in one or more of the seven (7) domains of the CAP CBK. If you do not have two years of experience, you can still become an (ISC)2 Associate by passing the CAP exam. After that, you will have three years to attain the two years of required experience.

What Are the Job Titles for CAP Professionals?

The Certified Authorization Professional, or CAP, is an Information Security Practitioner who endeavors to maintain system security commensurate with an enterprise’s mission and risk tolerance. The CAP helps organizations to meet compliance requirements such as adhering to the General Data Protection Regulation (GDPR). Today, CAPs are performing their duties in the IT industry with many different job titles, including:

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at:
