Earning the CAP certification is a proven way to build your career and demonstrate your expertise within the risk management framework (RMF). The CAP is the only certification under the DoD8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies and procedures established by the cybersecurity experts at (ISC)². 

You prove every day that you have what it takes to authorize and maintain information systems within the Risk Management Framework (RMF). But our profession is always changing, and even the brightest minds can benefit from having a guide on the journey to success.

Certification Requirements:

To qualify for the CAP, candidates must pass the exam and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK).   A candidate who doesn’t yet have the required experience to become a CAP may become an Associate of (ISC)² after successfully passing the CAP exam. The Associate of (ISC)² will then have three years to earn the experience needed for CAP certification.

CAP Domains:

• Domain 1. Information Security Risk Management Program
• Domain 2. Categorization of Information Systems (IS)
• Domain 3. Selection of Security Controls
• Domain 4. Implementation of Security Controls
• Domain 5. Assessment of Security Controls
• Domain 6. Authorization of Information Systems (IS)
• Domain 7. Continuous Monitoring

Exam Overview:

The CAP exam evaluates your expertise across seven domains. (Think of domains as topics you need to master based on your professional experience and education.) Passing the exam proves you have the advanced knowledge to authorize and maintain information systems within the RMF.

Program Components

• CAP Training Program
• CAP Video Lecture and Demonstrations
• CAP Review Questions
• Device of Your Choice