Certified Authorization Professional

CAP - Certified Authorization Professional

Demonstrate your expertise in risk management and system security with the Certified Authorization Professional (CAP) certification. This comprehensive certification validates your ability to authorize and maintain the security of sensitive and unclassified information systems, assets, and data.

Focus

The Certified Authorization Professional certification focuses on Authorization, Risk Management, System Security, Information Security

Exam Duration

The Certified Authorization Professional exam duration is 4 hours

Num of Question

The exam contains a total of 148 questions (proctored and non-proctored combined)

Exam Fee

The exam fee is $435 (ISC2 Member) / $675 (ISC2 Non-Member).

Exam Validity

The CCRN-Pediatric certification is valid for 3 years.

Prior Certification

• CAP, none required, but recommended to have approved prerequisite education and experience as per the ISC2 CAP certification handbook.

Exam Format

The Certified Authorization Professional exam is a Both Proctored and Non-Proctored Exams are available

Passing Conditions

To pass Certified Authorization Professional exam, applicants must achieve a minimum score of Achieve a score of 0.7 for a passing grade (0.7 * 148 = 103.6 out of 148). All questions are multiple-choice and may contain multiple correct answers.

Who Should Take

Enterprise IT practitioners and managers desiring to obtain a CAP. Individuals who will be responsible for certification costs can opt for the non-proctored certification exam fee.

• IT Manager
• Policy and procedure Writers
• Auditors
• Risk Managers / Analysts
• IT Operational and Security Personnel

Prerequisites

CAP candidates require at least 3 years of work experience (post-college) in any of the following areas: Information security, Risk Management, Project management (info-system security) or Information assurance (system/Network security)

Or can substitute with certifications:

• A bachelor"s degree from an accredited college/university and a minimum 3 years of experience related to Information Security, Analysis, and Program Management (ISAPM) or a related field. N/A
• A bachelor"s degree from an accredited college/university and N/A of experience

Certification Process

• Submit your application with your payment for the exam fee (Proctored or non-Proctored).
• Once your application has been approved, begin preparing for the examination (reading study materials, enrolling in a training program and/or registering for practice exam questions).
• Once your readiness has been validated, your eligibility to take the exam will be notified by the security clearance process, which usually takes a few days once your application has been processed by the certification body.

Domains with Weights

• Domain 1 - Security Governance and Risk Management (33%): Apply knowledge of governance models, risk management frameworks, and C&A models to satisfy regulatory requirements and mitigate risk.
• Domain 2 - System Security and Controls (29%): Design/evaluate information systems employing standards, guidelines, and technologies that ensure compliance with FISMA, COBIT, DHS, and other similar requirements.
• Domain 3 - Business Environment, Security Industry Trends, Technologies, and Pristine Security Topics (21%): Understand modern systems security focus areas and how various C&A methodologies enable business decisions to align with the results of your security decisions.
• Domain 4 - Authorization and Maintenance Process Lifecycle (10%): Evaluate information systems employing standards, guidelines, and technologies that ensure compliance with FISMA, COBIT, DHS, and other similar requirements for system evaluation.
• Domain 5 - Stake Holder Communication and Relationship Building (7%): Demonstrate your ability to build successful strategic partnerships, communicate security concepts effectively to organization leadership and their stakeholders, as well as gain effective buy-in towards shared security agenda items.