ISC2
Advanced
35 hours
CAP

Certified Authorization Professional (CAP)

The ISC2 Certified Authorization Professional (CAP) demonstrates expertise in risk management and the authorization of information systems within the US federal government framework. It validates the ability to implement and manage security authorizations under NIST RMF, making it essential for government and defense contractors.

Who Should Take This Course?

  • Government IT security professionals
  • Information System Security Officers (ISSOs)
  • Security assessors and auditors
  • Risk management specialists
  • Federal agency IT directors and managers
  • Defense contractors handling classified systems
  • Compliance officers in regulated industries

What You Will Learn in the CAP Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Domain 1: Risk Management Framework (RMF)

Understanding the NIST Risk Management Framework and its application to federal information systems.

  • NIST RMF steps and lifecycle
  • Federal information security laws (FISMA)
  • Security categorization using FIPS 199
  • System authorization boundaries

Domain 2: Categorization of Information Systems

  • FIPS 199 security categories
  • Impact levels (Low, Moderate, High)
  • System boundary definition
  • Documenting system characteristics

Domain 3: Selection of Security Controls

  • NIST SP 800-53 control families
  • Baseline security controls selection
  • Tailoring and scoping controls
  • Control overlays and enhancements

Domain 4: Implementation of Security Controls

  • Security control implementation planning
  • Configuration management
  • Supply chain risk management
  • Documentation of control implementation

Domain 5: Assessment of Security Controls

  • Security assessment planning
  • Assessment methods and procedures
  • Assessment findings and evidence
  • Security assessment report (SAR)

Domains 6-7: Authorization & Continuous Monitoring

  • Plan of action and milestones (POA&M)
  • Authorization decision packages
  • Ongoing authorization concepts
  • Continuous monitoring strategy and tools

Course Prerequisites

Prerequisite training is free when you purchase the course from ProSupport.

  • 2 years of cumulative paid work experience in 1+ of the 7 CAP domains
  • Experience in the authorization and/or security of information systems
  • Endorsement by an ISC2 member within 9 months of passing
  • Agreement to the ISC2 Code of Ethics

Exam Information

Everything you need to know about the CAP certification exam.

| Exam Component | Details |
|---|---|
| Exam Name | Certified Authorization Professional |
| Exam Code | CAP |
| Exam Type | Multiple choice |
| Total Questions | 125 |
| Passing Score | 700 (out of 1000) |
| Exam Duration | 180 minutes |
| Language | English |
| Exam Provider | Pearson VUE (in-person or online proctored) |
| Exam Focus | Risk management and authorization of information systems under NIST RMF |
| Exam Registration | Pearson VUE via ISC2.org |
| Retake Policy | 30-day wait after 1st/2nd fail; 90-day wait after 3rd; max 3 attempts per year |
| Certification Validity | 3 years (60 CPE credits required for renewal) |

Exam Topics

  • RMF (16%)
  • Categorization (11%)
  • Control Selection (16%)
  • Control Implementation (15%)
  • Control Assessment (15%)
  • System Authorization (10%)
  • Continuous Monitoring (17%)

Training Plans

Select the plan that matches your career goals

Basic

Certification Program

USD699
  • Certification syllabus training
  • Private instructor-led live classes
  • Hands-on labs
  • Practice exams
  • Certification exam guidance

Pro

Certification + Projects

USD919
  • Everything in Basic
  • Real-world industry projects
  • Case studies
  • GitHub portfolio project
  • Assignment reviews
  • Capstone mini project

Premium

Career Acceleration

USD1,189
  • Everything in Pro
  • Resume building
  • LinkedIn profile optimization
  • Interview preparation
  • Mock interviews
  • Career mentoring sessions
  • Capstone project
  • Certification exam strategy
  • Industry use-case training

Need custom enterprise pricing? support@prosupportconsulting.in

Learning Path

Your certification journey — from prerequisites to advanced roles.

Prerequisite: 2 years security experience
This Certification: CAP Certification

Ready to Get Certified?

Start your Certified Authorization Professional (CAP) journey with private 1-to-1 training from certified industry developers.
