(ISC)2 CAP | Certified Authorization Professional


Our CAP training program delivers a comprehensive review of authorizing and maintaining information systems.
Download Brochure (.pdf)
Request Group Training
About this Course
The Certified Authorization Professional (CAP) program is designed for the information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance while meeting legal and regulatory requirements.
Register nowCourse Overview+ Show
Led by an (ISC)2 authorized instructor, the training and included course material for this official training seminar provides students with a comprehensive review of the knowledge and skills required to assess risk and establish security requirements and documentation. Additionally, this course will also help students successfully prepare for the CAP exam as it covers all seven domains of the CAP Common Body of Knowledge (CBK).
Students will receive several resources including (ISC)2’s official courseware and Study tools; such as CAP flashcards and student handbook. When you combine (ISC)2’s instructor-led training with the provided course material, this CAP training seminar is a great resource for individuals interested in passing the CAP exam or reviewing/refreshing their knowledge of authorizing and maintaining information systems.
What's Included+ Show
- 5 Days of CAP Training from an Authorized (ISC)2 Instructor
- Official (ISC)2 CAP Training Courseware
- Official (ISC)2 CAP Student Guide
- Official (ISC)2 CAP Training Flashcards
- 60 Days of OnDemand Access to the Recordings of your CAP Session (Video & Audio)
- NOTE: for Live Online training events only.
*A CAP certification exam voucher is available for an additional fee ($419 USD)
What You'll Learn+ Show
This official (ISC)2 training seminar is based on the seven domains found within the (ISC)2 Common Body of Knowledge (CBK) for CAP, ensuring students successfully prepare for the CAP certification exam while enhancing their overall competencies in authorizing and maintaining information systems.
- Domain 1: Information Security Risk Management Program
- Domain 2: Categorization of Information Systems (IS)
- Domain 3: Selection of Security Controls
- Domain 4: Implementation of Security Controls
- Domain 5: Assessment of Security Controls
- Domain 6: Authorization of Information Systems (IS)
- Domain 7: Continuous Monitoring
Domain 1: Information Security Risk Management Program
- Understand the Foundation of an Organization-Wide Information Security Risk Management Program
- Understand Risk Management Program Processes
- Understand Regulatory and Legal Requirements
Domain 2: Categorization of Information Systems (IS)
- Define the Information System (IS)
- Determine Categorization of the Information System (IS)
Domain 3: Selection of Security Controls
- Identify and Document Baseline and Inherited Controls
- Select and Tailor Security Controls
- Develop Security Control Monitoring Strategy
Domain 4: Implementation of Security Controls
- Implement Selected Security Controls
- Document Security Control Implementation
Domain 5: Assessment of Security Controls
- Prepare for Security Control Assessment (SCA)
- Conduct Security Control Assessment (SCA)
- Prepare Initial Security Assessment Report (SAR)
- Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
- Develop Final Security Assessment Report (SAR) and Optional Assendum
Domain 6: Authorization of Information Systems (IS)
- Develop Plan of Action and Milestones (POAM)
- Assemble Security Authorization Package
- Determine Information System (IS) Risk
- Make Security Authorization Decision
Domain 7: Continuous Monitoring
- Determine Security Impact of Changes to Information Systems (IS) and Environment
- Perform Ongoing Security Control Assessments (SCA)
- Conduct Ongoing Remediation Actions
- Update Documentation
- Perform Periodic Security Status Reporting
- Perform Ongoing Information System (IS) Risk Acceptance
- Decommission Information System (IS)
Concierge Service+ Show
Intrinsec’s Concierge Service focuses on you, providing a personalized human experience with one of our concierge representatives to ensure that you have a perfect experience from day one and beyond.
Not only will your representative reach out to you when you sign up, providing you with all the information you need, but they will also be on stand-by for any and all questions you may have.
After you have completed your class your concierge representative can provide you with relevant recommendations for upcoming events, discounts on training, and suggestions to help further your career.
Audience+ Show
The intended audience for the CAP training program is IT professionals who are focused on security assessment and authorization and continuous monitoring issues. It’s also a great fit for those who are interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management. Typically, the CAP course is ideal for those working in roles such as, but not limited to:
- IT Professionals
- Information Security Professionals
- Information Assurance Professionals
- Executives Who Must “Sign-Off” on Authority to Operate (ATO)
- Inspector Generals (IGs) and Auditors Who Perform Independent Reviews
- Program Managers Who Develop or Maintain IT Systems
Common Questions+ Show
What do I need to get my CAP certification?
To qualify for your CAP certification you will need a minimum of two years of cumulative paid work experience in one or more of the seven domains within the CAP Common Body of Knowledge (CBK).
What if I don’t yet have that experience?
Not to worry! If you don’t yet have that work experience, as you may become an Associate of (ISC)2 by passing the CAP exam. From there, you will have three years to accumulate your two years or work experience to get your full fledged CAP certification!
What counts towards paid work experience?
Paid work experience can come from full-time, part-time or even internships (internships can be paid or unpaid). Each of these categories are defined as:
- Full-Time Experience: A minimum of 35 hours/week, this experience is accursed monthly, meaning 4 weeks of 35 hours or more equals one month of experience.
- Part-Time Experience: Between 20 and 34 hours/week, with the hours logged converting to full-time experience as such:
- 1040 hours of part-time = 6 months of full-time experience
- 2080 hours of part-time = 12 months of full-time experience
- Internships: Internship experience can be paid or unpaid to qualify. Documentation on company/organization letterhead confirming your position is required.
Have more questions? Read our Frequently Asked Questions page or simply send your questions to us directly via our Contact Us page or our Live Chat and we will be more than happy to assist with any and all questions!