Certified Authorization Professional (CAP)

Issued By (ISC)²

The vendor-neutral CAP credential confirms knowledge, skill, and experience required for authorizing and maintaining information systems within the new Risk Management Framework as outlined in NIST SP 800-37 Rev 1. CAP validates that an authorization professional has the competence to ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

Additional Details

Demonstrated Skills

Categorization Of Information Systems
Information System Authorization
Monitor Security Controls
Risk Management Framework (RMF)
Security Control Assessment
Security Control Implementation
Selection Of Security Controls

Earning Criteria

Obtain the required experience
Achieve a passing score on the CAP exam
Obtain an endorsement from an existing (ISC)² member
Subscribe to the Code of Ethics
Complete annual education requirements
Complete requirements for periodic re-certification of the credential

Standards

ISO/IEC 17024:2012

ISO/IEC 17024:2012 contains principles and requirements for a body certifying persons against specific requirements, and includes the development and maintenance of a certification scheme for persons.