The Definitive Guide to the Certified Authorization Professional (CAP)

What is the CAP Certification?

The Certified Authorization Professional (CAP) is an information security certification focused on risk management frameworks, and in particular on the Risk Management Framework (RMF) process.

It is administered by the International Information System Security Certification Consortium, or (ISC)2, a non-profit organization that specializes in information security certifications and standards.

The CAP certification validates that holders have the necessary skills and experience in:

  • Information system authorization
  • Security control selection, implementation, assessment and monitoring
  • Risk management frameworks
  • Information system categorization
  • Governance, risk and compliance

In short, CAP certificate holders demonstrate expert-level competence in approving, managing and securing information systems according to various RMF standards and guidelines.

Why Get CAP Certified?

There are many benefits to earning the CAP credential:

  • Career advancement – Getting CAP certified shows you have specialist RMF skills and can set you apart from the competition when applying for information security roles.
  • Increased salary – On average, CAP credential holders earn a salary above $124,000 per year.
  • Compliance with DoD directive 8140 – The CAP meets DoD IAT Level I and IAM Level I/II requirements, making you eligible for IT positions in the U.S. defense sector.
  • Flexible career opportunities – CAP skills are versatile, applicable across private and public industries, opening up more job prospects.

In today's threat landscape, organizations greatly value cybersecurity and risk management expertise. The CAP certification shows you have those coveted skills.

CAP Certification Prerequisites

To qualify for the CAP exam, you must have:

  • A minimum of 2 years of cumulative work experience in 1 or more of the CAP Common Body of Knowledge (CBK) domains
  • Payment of the $599 exam fee (for U.S. residents)

There are no mandatory courses or training. However, (ISC)2 recommends reviewing the exam outline and CBK to ensure your experience covers the knowledge domains tested.

You must provide an endorsement of your experience to validate your eligibility.

CAP Exam Details

Here are the key details about the CAP certification exam:

  • Number of Questions: 125
  • Format: Multiple Choice
  • Length: 3 hours 30 minutes
  • Passing Score: 700 out of 1000 points (70%)
  • Available at Pearson VUE testing centers
  • Exam offered in English

The $599 exam fee allows for up to 4 attempts to pass the test within 1 year.

You should allow plenty of time to study – most candidates spend 30-40 hours preparing.

CAP Exam Content Outline

The CAP exam covers 8 knowledge domains or sections:

  1. Access Control (14%)
  2. Security Operations (15%)
  3. Risk Identification, Monitoring and Analysis (16%)
  4. Incident Management (13%)
  5. Cryptography (10%)
  6. Network & Telecommunications Security (11%)
  7. Systems and Application Security (11%)
  8. Security Assessment and Testing (10%)

The percentage indicates the exam weight of that domain. You can review the full outline on the (ISC)2 website for subtopics covered under each knowledge area.

Studying for the CAP Exam

Give yourself 2-6 months to adequately prepare for the exam. Some tips and resources:

  • Read the Official (ISC)2 Guide to the CAP CBK textbook – detailed coverage of all topics
  • Take online CAP training courses for structured learning
  • Get hands-on practice with Risk Management Framework software tools
  • Work through CAP practice tests and sample questions
  • Review recent NIST guidelines and frameworks related to RMF
  • Join an (ISC)2 CAP study group to learn from peers

Focus your preparation on weaker domains and reinforce knowledge through practical application on the job. Use acronyms and mnemonics to aid recall of processes, standards and best practices.

What Can You Do with a CAP Certification?

As a CAP, you can qualify for careers such as:

  • Security Control Assessor
  • System Security Officer
  • Chief Information Security Officer (CISO)
  • IT Auditor
  • Security Manager
  • Security Analyst
  • Risk Management Specialist

Average reported salaries exceed $124,000 for CAP certified professionals. Your increased credibility and expertise can propel advancement to senior technical and leadership positions.

With the versatile RMF skills gained, you can pivot into cybersecurity and risk management roles across industries – from government agencies to private sector corporations.

Maintaining Your CAP Certification

Once certified, you must earn 60 Continuing Professional Education (CPE) credits over a 3-year cycle to maintain your credential. 1 CPE credit equals 1 hour of learning or education.

You also need to:

  • Annually reaffirm your (ISC)2 code of ethics
  • Remain employed in your field and keep skills current
  • Pay a $125 Annual Maintenance Fee (AMF)

Certification renewal fees are $150 every 3 years ($50 per year).

Staying CAP certified proves ongoing competence and commitment to professional development.

Should You Become a CAP?

The CAP certification signals robust, real-world expertise in securely managing information systems through Risk Management Frameworks.

While study time and costs are considerable, they pay dividends through enhanced career prospects, higher salaries, industry credibility and compliance with defense directives.

For IT professionals focused on authorization, governance and compliance, the CAP can fast-track progression to coveted, specialized security roles – making it a valuable investment if you have 2+ years of relevant experience.

If you lack an RMF grounding, consider supplementing with prep training, and perhaps FEMA or NIST certifications, first. Alternatively, the CISSP may suit broader information security aims.

Ultimately, the CAP certification is ideal for demonstrating profound capabilities in security risk analysis and data protection – today’s imperatives for organizations and national infrastructure.