CAP Certified Authorization Professional


Certified Authorization Professional (CAP) – ISC2

Credential to be awarded: Certificate of Completion

Total Hours: 40

Tuition: $2,403
All fees included. Fees, itemized: course book $73; optional ISC2 certification voucher $419

Total tuition & fees: $3890

Course Description

This certification preparation program for the Certified Authorization Professional (CAP) is targeted at professionals with at least 2 years of experience in information systems security certification and accreditation. The program is designed to give new skills and tools to authorization officials, information owners, system owners, information system security officers and certifiers, senior system managers and other professionals. Specifically, this credential applies to those responsible for formalizing the processes used to assess risk and establish security requirements and documentation. Their decisions ensure that information systems possess security commensurate with their level of exposure to potential risk, as well as to damage to assets or individuals. CAP is a credential that is often highly sought after by all levels of government, as well as by private sector employers and contractors.

Day 1: Risk Management Framework (RMF) 

  • Topic A: Describe the Risk Management Framework (RMF), Describe and Distinguish between the RMF Steps
  • Topic B: Identify Roles and Define Responsibilities
  • Topic C: Understand and Describe How the RMF Process Relates
  • Topic D: Understand the Relationship between the RMF and System Development Life Cycle (SDLC)
  • Topic E: Understand Legal, Regulatory, and Other Security Requirements

Day 2: Categorization of Information Systems, and Selection of Security Controls 

  • Topic A: Categorize the System
  • Topic B: Describe the Information System (Including the Security Authorization Boundaries)
  • Topic C: Register the System
  • Topic D: Identify and Document Common (Inheritable) Controls
  • Topic E: Select, Tailor, and Document Security Controls
  • Topic F: Develop Security Control Monitoring Strategy
  • Topic G: Review and Approve SP

Day 3: Security Control Implementation, and Security Control Assessment

  • Topic A: Implement Selected Security Controls
  • Topic B: Document Security Control Implementation
  • Topic C: Prepare for Security Control Assessment
  • Topic D: Develop Security Control Assessment Plan
  • Topic E: Assess Security Control Effectiveness
  • Topic F: Develop Initial Security Assessment Report (SAR)
  • Topic G: Review Interim SAR and Perform Initial Remediation Actions
  • Topic H: Develop Final SAR and Optional Addendum

Day 4: Information System Authorization 

  • Topic A: Develop Plan of Action and Milestones (POAM) (e.g., Resources, Schedule, Requirements)
  • Topic B: Assemble Security Authorization Package
  • Topic C: Determine Risk
  • Topic D: Determine the Acceptability of Risk
  • Topic E: Obtain Security Authorization Decision

Day 5: Monitoring of Security Controls 

  • Topic A: Determine Security Impact of Changes to System and Environment
  • Topic B: Perform Ongoing Security Control Assessments (e.g., Continuous Monitoring, internal and external assessments)
  • Topic C: Conduct Ongoing Remediation Actions (resulting from incidents, vulnerability scans, audits, vendor updates, etc.)
  • Topic D: Update Key Documentation (e.g., SP, SAR, POAM)
  • Topic E: Perform Periodic Security Status Reporting
  • Topic F: Perform Ongoing Risk Determination and Acceptance
  • Topic G: Decommission and Remove System

Recommendations and Prerequisites

Certification Recommendations
In order to receive CAP Certification, students need a minimum of two years of direct full-time information systems security certification and accreditation professional experience in one or more of these seven (ISC)² CAP domains: (1) Understanding the Security Authorization of Information Systems, (2) Categorize Information Systems, (3) Establish the Security Control Baseline, (4) Apply Security Controls, (5) Assess Security Controls, (6) Authorize Information System, (7) Monitor Security Controls. Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge.

If students don’t have the required work experience they may still sit for the exam and become an Associate of (ISC)² once successfully passing the CAP exam. Associate of (ISC)² students will then be able to become CAP certified once the required work experience has been completed.

Certification Exam Requirements
To be certified, students must complete the certification exam with a minimum passing score of 700 or higher on a scale of 100 to 1000, within the allotted 3-hour timeframe, on the 125-question exam. Once students are notified that they have successfully passed the examination, they will be required to subscribe to the (ISC)² Code of Ethics and have their application endorsed before the credential can be awarded. An endorsement form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member and who is able to attest to the candidate's professional experience.

Course Features

  • Duration 40 hours
  • Skill level Advanced Level
  • Language English
  • Assessments Self