CAP Experience Requirements
To qualify for the CAP, you must have a minimum of two years of cumulative paid work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK).
A candidate who doesn’t have the required experience to become a CAP may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have three years to earn the required two years of experience.
Part-time work and internships may also count towards your experience.
Valid experience includes information systems security-related work performed in pursuit of information system authorization, or work that requires security risk management knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² CAP CBK:
- Domain 1. Risk Management Framework (RMF)
- Domain 2. Categorization of Information Systems
- Domain 3. Selection of Security Controls
- Domain 4. Security Control Implementation
- Domain 5. Security Control Assessment
- Domain 6. Information System Authorization
- Domain 7. Monitoring of Security Controls
Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week or more than 34 hours a week.
- 1040 hours of part-time = 6 months of full-time experience
- 2080 hours of part-time = 12 months of full-time experience
Internship: A paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.
Not Enough Experience?
Start on a pathway to certification with the Associate of (ISC)²! You can take a certification exam without the work experience. If you pass, you simply work to get the experience needed for certification.