What is a Certified Authorization Professional?

The Certified Authorization Professional (CAP) certification is a reputable way for a risk professional to demonstrate their expertise in various risk management frameworks.

Why is the CAP important?

A CAP certification demonstrates to employers that you have the advanced technical expertise and knowledge to authorize and maintain information systems and utilize best practices across various risk management frameworks. CAP is compliant with the requirements of ANSI/ISO/IEC Standard 17024.

Who needs a CAP?

The CAP is intended for IT and information security professionals who work in Governance, Risk, and Compliance (GRC) roles and need to implement a risk management program for information systems within an organization.

How to become a Certified Authorization Professional

CAP qualifications include a minimum of two years of cumulative, paid work experience in one of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK). The seven CBK domain areas are:

  • Information Security Risk Management Program
  • Categorization of Information Systems (IS)
  • Selection of Security Controls
  • Implementation of Security Controls
  • Assessment of Security Controls
  • Authorization of Information Systems (IS)
  • Continuous Monitoring

Who is the certifying association?

CAP is the only certification under the DoD 8570 mandate that aligns with each step in the risk management framework established by the cybersecurity experts (ISC)².

Requirements to stay certified

A CAP certification must be renewed every three years. This is done by earning at least 60 Continuing Professional Education (CPE) credits over the cycle and paying an Annual Maintenance Fee (AMF).