Certified Authorization Professional (CAP)

PT20537
Training Summary
The Certified Authorization Professional (CAP) is an information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. CAP confirms an individual’s knowledge, skill, and experience required for authorizing and maintaining information systems within the Risk Management Framework as outlined in NIST SP 800-37 Rev 1. The broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) ensures its relevance across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:
  • Risk Management Framework (RMF)
  • Categorization of Information Systems
  • Selection of Security Controls
  • Security Control Implementation
  • Security Control Assessment
  • Information System Authorization
  • Monitoring of Security Controls
CAP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
CAP Examination Information
  • Length of exam – 3 hours
  • Number of questions – 125
  • Question format – Multiple choice
  • Passing grade – 700 out of 1000 points
  • Exam availability – English
  • Testing center – Pearson VUE Testing Center
Prerequisites
Before taking this course, candidates must have a minimum of 2 years of cumulative paid full-time work experience in 1 or more of the 7 domains of the CAP CBK. A candidate who doesn’t have the required experience to become a CAP may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have 3 years to earn the required 2 years of experience.
Duration
2 Days/Lecture & Lab
Audience
The CAP is ideal for IT, information security and information assurance practitioners, and contractors who use the Risk Management Framework (RMF). Many who pursue the CAP are:
  • ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues.
  • Executives who must "sign off" on Authority to Operate (ATO).
  • Inspectors general (IGs) and auditors who perform independent reviews.
  • Program managers who develop or maintain IT systems.
  • IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management.
Course Topics
  • Risk Management Framework (RMF)
  • Categorization of Information Systems
  • Selection of Security Controls
  • Security Control Implementation
  • Security Control Assessment
  • Information System Authorization
  • Monitoring Security Controls