
CAP – Security Assessment and Authorization Certification

What you need to know about the CAP exam and certification



Become a CAP – Certified Authorization Professional

Earning the CAP certification is a proven way to build your career and demonstrate your expertise within various risk management frameworks.

The CAP shows employers you have the advanced technical skills and knowledge to understand Governance, Risk and Compliance (GRC), and can authorize and maintain information systems utilizing various risk management frameworks, as well as best practices, policies and procedures.

Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey.

Looking for more assistance as you navigate the CAP certification for yourself or team members? Download the CAP Ultimate Guide or learn more about our CAP education.


Who Earns the CAP?

The CAP is ideal for IT, information security and information assurance practitioners who work in Governance, Risk and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization.

Unsure if the CAP is right for you? The (ISC)² Qualifications Pathfinder can help you identify the certifications that best align with your career goals.

Work in government? See how the CAP meets the U.S. Department of Defense (DoD) Directive 8570.1.

Commit. Plan. Succeed.

Certification, Education and Membership

Earning the CAP

Before you begin your journey to CAP certification, it’s important to familiarize yourself with the (ISC)² certification process. Earning the CAP – or any (ISC)² certification – requires much more than passing a challenging exam that measures your mastery and skill across the relevant domains and subject matter. (ISC)² exams are experience-based, which means they evaluate candidates’ knowledge, skills and abilities gained over years of on-the-job, in-the-field application of the tools, concepts and practices that other cybersecurity professionals deem essential for a CAP.

Before a CAP candidate sits for an exam, the expectation is that they will meet the CAP Experience Requirements and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK). While you may sit for and pass the CAP exam before earning the prerequisite years of experience, you cannot earn your certification until you have gained the required work experience (learn more about our Associate of (ISC)² program if you do not yet meet the experience requirements).

Once an exam is passed, validation of your work experience is accomplished through the endorsement process. You will receive an email with your official exam results and instructions to begin endorsement. This process requires an assessment by (ISC)² Member Services of your submitted work experience and a formal endorsement from another (ISC)² member.

After the endorsement process is complete, you are required to commit to and fully support the (ISC)² Code of Ethics:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.

You will then be notified via email that you can pay your first Annual Maintenance Fee (AMF) of U.S. $125 to begin your three-year certification cycle.

Finally, (ISC)² certification is often a career-long commitment for many cybersecurity professionals. Maintaining your CAP extends well beyond passing the exam. It requires earning continuing professional education (CPE) credits that ensure your skills remain current and also demonstrates to employers and your peers that you are committed to your ongoing professional development.

The CAP Exam Process

All candidates should familiarize themselves with (ISC)² exam policies and procedures. Learn everything you need to know before, during and after your exam, including exam fees, exam scoring and formatting, the exam agreement, how to request special accommodations, how to reschedule an exam and much more.


What to Expect on the CAP Exam

Exam outlines are available for all (ISC)² certifications, and they provide details on the domains covered by each exam. Visit the CAP Exam Outline and explore the domains covered by the exam.


Register for the CAP Exam

All (ISC)² exams are administered by our exclusive global partner Pearson VUE. If you’re ready to pursue the CAP certification, commit yourself now by registering for the exam. You can find details on testing locations, policies, accommodations and more on the Pearson VUE website.


Strengthen Your Cybersecurity Skills

Although not required, many candidates find it helpful to take advantage of Official (ISC)² education prior to their exams.

(ISC)² CAP education provides an in-depth review of the concepts and domains covered in the CAP Exam Outline – upon which the CAP Common Body of Knowledge is developed. (ISC)² education helps you strengthen your critical thinking skills, so you can apply your knowledge and years of experience to make the most reasoned judgments possible during your CAP exam.

From self-paced to online or in-person instructor-led, (ISC)² has a cybersecurity education option designed just for you:

We also partner with leading education providers around the world to make sure you have convenient access to official courses that fit your needs, location and schedule. All instructors are verified security experts, authorized by (ISC)² to deliver the most relevant, up-to-date course content developed by (ISC)².


Continue Your Professional Journey

Once you earn your (ISC)² certification, you are a member of our association.

As an (ISC)² member, you never stop learning and growing. We provide access to a full suite of benefits and resources to help enable your continuing education and development to keep you ahead of the latest threats, best practices and industry trends. Learn more about how certification is just the first step in your (ISC)² membership and how you can take advantage of:

  • Enriching professional development and volunteer opportunities
  • Peer-to-peer networking and best-practice sharing
  • (ISC)² Security Congress annual cybersecurity conference
  • Professional recognition and awards programs
  • Discounts on leading industry event registration, learning materials, services and more.

