CAP (Certified Authorization Professional) certification overview

October 10, 2018 by Fakhar Imam

Are you looking to build your career and demonstrate your expertise in information security and the Risk Management Framework (RMF)? Do you want to differentiate yourself with employers and/or clients? The Certified Authorization Professional (CAP) certification, established by (ISC)2, helps security practitioners like you prove their knowledge and advanced technical skills to maintain and authorize information systems within the RMF.

It does this by using the best practices, policies and procedures developed by (ISC)2 cybersecurity experts. CAP’s Common Body of Knowledge (CBK) has been designed by following the guidelines given in the NIST SP 800-37 Rev. 1 document. CAP is also the only certification of its kind approved under the U.S. Department of Defense (DoD) 8570 directive.

The CAP certification was first introduced in 2005. Since then, around 125,000 cybersecurity professionals have been certified. Recently, the CAP CBK has been changed and will be effective from October 15th, 2018.

What are the CAP requirements?

Before applying for the CAP certification exam, you must have at least two years of cumulative, full-time, paid work experience in one or more of the seven (7) domains of the CAP CBK. However, if you do not possess two years of experience, you can still become an (ISC)2 Associate by passing the CAP exam. After that, you will have three years to attain the two years of required experience.

What are the job titles for CAP professionals?

The Certified Authorization Professional, or CAP, is an Information Security Practitioner who endeavors to maintain system security commensurate with an enterprise’s mission and risk tolerance. The CAP helps organizations to meet compliance requirements such as adhering to the General Data Protection Regulation (GDPR). Today, CAPs are performing their duties in the IT industry with many different job titles, including:

  • Information Systems Analyst
  • Cybersecurity Analyst
  • Senior Project Manager IT
  • Information Security Manager
  • Information Technology Auditor
  • Information Security Specialist
  • Cybersecurity Engineer

What is the average CAP salary?

According to the CertMag Salary Survey from 2018, the average salary of a CAP holder is $131,100. This survey is global, but 56% of all respondents checked in from the United States. The survey covers 75 certifications and gives an average salary for each of them. You can compare your salary with other certification holders by visiting the CertMag Salary Survey 2018. For more information, you can also visit the InfoSec Institute’s article, Average CAP (Certified Authorization Professional) Salary in 2018.

How do I prepare for a CAP exam?

Last-minute cramming is not the best way to approach your CAP exam. To manage your time effectively, set up a timetable and choose a quiet environment for your study. Once you are fully prepared, take mock tests before sitting the actual exam. Mock tests will help you figure out your weaknesses and identify the areas that need improvement.

Wasting time on irrelevant resources can be stressful and fruitless. Therefore, it’s important to study the (ISC)2 Self-Study Resources to best prepare for your CAP exam.

Furthermore, it’s best to become familiar with the exam outline or CAP CBK, which consists of seven separate domains. Reviewing exam outlines helps you to stay connected to the most relevant resources. You can take part in InfoSec’s 3-day CAP Training Boot Camp, which concentrates on gearing up candidates through extensive mentoring and drill sessions, a review of the entire CAP CBK, and a set of practical question and answer scenarios, all conducted via a high-energy seminar approach.

What are the key benefits of getting CAP-certified?

Having a CAP certification proves that you are dedicated, motivated and well-versed in authorizing and maintaining the organization’s information systems within the Risk Management Framework (RMF). Your CAP credential is a quick and readily-recognized benchmark in the IT industry.

Once you successfully earn the CAP certification, you will become a member/associate of (ISC)2 and can collaborate with a growing global community of over 125,000 cybersecurity experts. Moreover, you will gain access to ongoing continuing education and professional development opportunities that help you keep abreast of the latest industry trends and keep your skills and knowledge current. Various other benefits of a CAP credential include:

Free Webinars:

  • EMEA Secure Webinars
  • Solutions Summit
  • From the Trenches
  • Security Briefings
  • ThinkTank

Network Opportunities:

  • (ISC)2 Member Reception
  • (ISC)2 Chapters

Discounted and Free Events:

  • (ISC)2 Security Congress (U.S., Latin America and Asia-Pacific)
  • (ISC)2 Secure Events
  • (ISC)2 Secure Summits EMEA
  • Industry Conferences

Discounts on (ISC)2 Education:

  • (ISC)2 Study Guides — 50%
  • (ISC)2 Training
  • (ISC)2 Textbooks — 50%

Industry Recognition:

  • (ISC)2 Global Awards Program

InfoSecurity Professional Magazine:

  • Six digital bi-monthly issues
  • Free for members

As a CAP-certified professional, you can find opportunities related to risk assessment and management in various organizations, including the U.S. federal government (such as the Department of Defense or Department of State), the military, private sector organizations, local governments and civilian roles (such as federal contractors).

The Certified Authorization Professional (CAP) certification has come to be recognized as one of the industry-leading IT certifications. The CAP proves to potential employers that you have the knowledge and advanced technical skills to maintain and authorize information systems within the Risk Management Framework (RMF). As cyberthreats grow every day by leaps and bounds, organizations are keenly looking for cybersecurity professionals who are well-versed in risk assessment and security authorization.

To meet this demand in the IT marketplace, a large number of security practitioners are seeking the CAP certification to boost their careers in IT. Once you become CAP-certified, you will be able to find opportunities in both public and private organizations, such as the U.S. federal government or local government. In addition, (ISC)2 also offers you various benefits, including free webinars, networking opportunities, discounted and free events, industry recognition and more.

However, if you are not yet a member of (ISC)2 and are looking to earn your CAP certification, then CAP training is indispensable. To do this effectively, choose a reliable CAP Training Boot Camp that can lead you along the path to success and toward your goal of the CAP credential.

As previously mentioned, you can take part in InfoSec’s 3-day CAP Training Boot Camp to best prepare for the CAP exam. InfoSec has been one of the most-awarded (42 industry awards) and trusted information security training vendors for the past 17 years, and also offers thousands of articles on a variety of security topics.

Fakhar Imam is a professional writer with a Master of Science in Information Technology (MIT). To date, he has produced articles on a variety of topics, including computer forensics, CISSP and various other IT-related subjects.