CAP - Certified Authorization Professional

The ISC2 CAP certification is an industry-recognized, vendor-neutral credential. The certification is proof of a person's competence across a spectrum of skills including security authorization, the Risk Management Framework (RMF), the Plan of Action and Milestones (POAM), and the security control assessment plan. uCertify's guaranteed certification course for the CAP exam is comprehensive and helps you earn your certification and gain knowledge. Here's what to expect from your uCertify course:

  • 100% Exam Coverage
  • Interactive E-Book
  • Pre-Assessment
  • 266 Practice Questions with Full Explanations
  • 97 Interactive Quizzes
  • Test History and Performance Review and Powerful Analytics
  • Study Planner
  • Continuously Updated



Prepare for the following certification

The Certified Authorization Professional certification exam is a standalone certification from ISC2.

The certification is targeted at authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers. The exam covers the risk management approach to security authorization, the RMF steps, the relationship between RMF and SDLC, security control assessment, and the Plan of Action and Milestones (POAM).

The Certified Authorization Professional certification exam is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD).

Skills Measured

  • Understanding the risk management approach to security authorization
  • Understanding the relationship between RMF and SDLC
  • Categorizing the system
  • Identifying common (inheritable) controls
  • Developing a security control monitoring strategy
  • Determining security control effectiveness
  • Performing initial remediation actions
  • Developing the final security assessment report and addendum
  • Determining security impact of changes to system and environment
  • Developing Plan of Action and Milestones (POAM)

CAP Course Duration

This is a self-paced, independent study program, so there are no minimum or maximum restrictions placed by uCertify. The amount of time you will take depends on your existing knowledge of the area and related experience, as well as your availability. We recommend at least 2-3 weeks if you have at least two years of direct full time security professional work experience in one or more of the seven domains of the ISC2 CAP CBK.

Authored by Industry Experts

uCertify uses content from the finest publishers and only the IT industry's finest instructors. They have a minimum of 15 years of real-world experience and are subject matter experts in their fields. Unlike a live class, you can study at your own pace. This creates a personal learning experience and gives you all the benefits of hands-on training with the flexibility of doing it around your schedule 24/7.

Exercises, Quizzes & Flashcards

uCertify's exercises, quizzes and flashcards prepare you for your exams differently and more effectively than the traditional exam preps on the market. You will have practice quizzes, flashcards and exercises after each module to ensure you are confident in the topic you have completed before proceeding. This will allow you to gauge your effectiveness before moving to the next module in your course.

Practice Test Sets

uCertify courses also include full length practice test sets designed to test your knowledge under real exam conditions. Each course has a number of test sets consisting of hundreds of items to ensure you are 100% prepared before taking your certification exam.

Exam Simulators

Online labs to supplement your training. uCertify labs are an inexpensive & safe way to explore and learn. uCertify labs are versatile - labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training.

State of the Art Educator Tools

uCertify knows the importance of instructors and provides tools to help them do their job effectively. Instructors are able to clone and customize courses, do ability grouping, create sections, design grade scales and grade formulas, and create and schedule assignments. Educators can also move a student from self-paced to mentor-guided to instructor-led mode in three clicks.

Award Winning Learning Platform (LMS)

uCertify has developed an award-winning, highly interactive yet simple-to-use platform. uCertify understands that it is critical to help students focus on learning the subject and not learning the LMS. uCertify helps students retain and recall the knowledge by teaching them using interactive exercises. Features such as actionable analytics and the study planner help keep students focused.


CAP Course/Exam Objectives

  • Lesson 1: Risk Management Framework (RMF)
    • Describe the Risk Management Framework (RMF)
    • Describe and distinguish among the Risk Management Framework (RMF) steps
    • Identify Roles and Define Responsibilities
    • Understand and Describe How the RMF Process Relates to
    • Understand the relationship between the RMF and SDLC
    • Understand legal, regulatory, and other requirements for Security Authorization
  • Lesson 2: Categorization of Information Systems
    • Categorize the system
    • Describe the information system, including the security authorization boundaries
    • Register the system
  • Lesson 3: Selection of Security Controls
    • Identify and document common (inheritable) controls
    • Select, Tailor, and Document Security Controls
    • Develop security control monitoring strategy
    • Review and Approve a Security Plan
  • Lesson 4: Security Control Implementation
    • Implement Selected Security Controls
    • Document Security Control Implementation
  • Lesson 5: Security Control Assessment
    • Prepare for Security Control Assessment
    • Develop Security Control Assessment Plan
    • Assess Security Control Effectiveness
    • Develop Initial Security Assessment Report (SAR)
    • Review Interim SAR and Perform Initial Remediation Actions
    • Develop Final SAR and Optional Addendum
  • Lesson 6: Information System Authorization
    • Develop Plan of Action and Milestones (POAM)
    • Assemble Security Authorization Package
    • Determine risks
    • Determine the Acceptability of Risks
    • Obtain Security Authorization Decisions
  • Lesson 7: Monitoring Of Security Controls
    • Determine security impact of changes to systems and environment
    • Perform ongoing security control assessments
    • Conduct ongoing remediation actions
    • Update key documentation
    • Perform periodic security status reporting
    • Decommission and Remove System

Career Prospects

A CAP Certified Professional has several career opportunities open to them, including:

  • Authorization Professional
  • Accreditation professional
  • Chief Security Officer



What certificate do I earn on passing the CAP exam?
If you pass ISC2's CAP exam you will get credit towards the following certification:
What is the exam registration fee?
USD 419

Pricing and taxes may vary from country to country.

Pricing and taxes based on location of the exam. Click here to get more information on exam pricing.

Where do I take the exam?
The ISC2 CAP exam is administered by Pearson VUE at testing centers worldwide. Click here to find a testing center near you.
What is the format of the exam?
The exam has different forms to ensure integrity and security of the examination.
What are the prerequisites for the exam?

ISC2 has the following prerequisites for the Certified Authorization Professional exam:

  • Candidates should have a minimum of two years of cumulative information systems, security authorization-related work experience.
How many questions are asked on the exam?
The exam contains 125 questions.
What is the duration of the exam?
180 minutes
What is the passing score?

(on a scale of 0-1000)

What is the exam's retake policy?

In the event that you fail your first attempt at passing the CAP certification, ISC2's retake policy is:

  • Candidates who do not pass the exam the first time will be able to retake the test after 30 days.
  • Candidates who fail a second time will need to wait 90 days prior to sitting for the exam again. In the unfortunate event that a candidate fails a third time, the next available time to sit for the exam will be 180 days after the most recent exam attempt.
What is the validity of the certification?
ISC2's Certified Authorization Professional certification expires three years from date of issue, after which the certification holder will need to renew their certification. Click here for more information.
Where can I find more information about this exam?
To know more about the CAP exam, click here.

At a Glance

| CAP Course Includes | Free | Buy |
|---------------------|------|-----|
| Lessons             | 1    | 7   |
| Pre-Assessment      | Yes  | Yes |
| Practice Tests      | 0    | 2   |
| Total Questions     | 20   | 266 |
| Interactive Quizzes | 5    | 97  |
| Final Test          | No   | Yes |

Overall Customer Rating!


4.6 out of 5. Pass Ratio: 97.23%.
9 out of 10 customers who purchased this course would recommend the product to their friends.

Our Customers are talking!

This prepkit, as well as the others in the series, really helped me pass my exams. Of all the things I purchased, the practice questions, mock tests, tutorials and exercises were really great. I can surely say that this is the best exam guide for the CPS and CAP exam. You really don't need anything else.

Bobby Torrens

I would definitely recommend this CAP prepkit for a newcomer to the ISC-2 certification realm. It lays the basic details and covers all the topics needed by a CAP aspirant, and I can surely say that you can pass the exam with this prepkit alone.


All Thanks to ucertify.... I achieved my ISC-2 CAP certification with their prepkit. I really like the sample questions and detailed study notes which are really comprehensive and easy to learn.

Harry Thomas

Copyright © 2014 uCertify / All rights reserved.