How to Study for the CAP® Exam

1. Download the Exam Outline, which provides: 

  • CAP certification content outline (i.e., knowledge domains and sub-topics)
  • References
  • Typical exam question/item formats
  • Exam registration and administration policies

2. Join the CAP Group on InterSeC at  

  • Become a part of a professional community
  • Meet CAP Subject Matter Experts (SMEs)
  • Show your understanding of the CAP material: help others, and get help when you need it

3. STUDY: The references in the CAP CIB form the basis of a good study plan and should be complemented with other suitable material when necessary to help understand and reinforce the concepts. To be successful, it is recommended that candidates align references to knowledge domains and explore interactions and dependencies in processes. Candidates are expected to apply their work experience and knowledge during the exam and thus must be thoroughly conversant with NIST Special Publications (SP) and Federal Information Processing Standards (FIPS). Plan to spend extra time studying the following documents:

  • FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
  • FIPS 200: Minimum Security Requirements for Federal Information and Information Systems 
  • NIST SP 800-18 rev 1: Guide for Developing Security Plans for Federal Information Systems 
  • NIST SP 800-30 rev 1: Risk Management Guide for Information Technology Systems
  • NIST SP 800-37 rev 1: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  • NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
  • NIST SP 800-53 rev 4: Recommended Security Controls for Federal Information Systems and Organizations 
  • NIST SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems
  • NIST SP 800-60 vol 1 and 2: Guide for Mapping Types of Information and Information Systems to Security Categories (2 Volumes)

4. Take an Official (ISC)² CAP Training Seminar to review and refresh your knowledge 

5. If you feel ready, sit for the CAP Exam

6. If not, take additional time to go back through the above study plan.

For more information about the CAP credential, visit