THE ULTIMATE

GUIDE TO THE CAP

Be the Expert in Risk Assessment and Security Authorization
Achieve
More
in Your
Career

You prove every day that you have

what it takes to authorize and
maintain information systems within
INSIDE…
the Risk Management Framework
»» Is the CAP Right for Me?
(RMF). But our profession is always
changing, and even the brightest »» CAPs in the Community
minds can benefit from having a
guide on the journey to success. »» Fast Facts About CAP
(ISC)2 is here to help you discover the
right path, create your plan and thrive »» Benefits of Being CAP-Certified
throughout your career.
»» Benefits of (ISC)2 Membership
The Ultimate Guide to the CAP »» CAP Exam Overview
covers everything to know about the
security assessment and authorization »» Official CAP Training
certification. See how the CAP – and
(ISC)2 – can differentiate you as a »» Pathway to CAP Certification
globally respected security leader.
»» Free CPE Opportunities

2
Is the CAP
Right for Me?
The CAP is ideal for IT, information security and information
assurance practitioners and contractors seeking to prove their
understanding of the RMF. It shows you have the advanced
knowledge and technical ability to formalize processes to asses
risk and establish security documentation.

Experience
To qualify for the CAP, candidates must pass the
exam and have at least two years of cumulative,
paid work experience in one or more of the seven
domains of the (ISC)² CAP Common Body of
Knowledge (CBK®).

A candidate who doesn’t yet have the required

experience to become a CAP may become an
Associate of (ISC)² after successfully passing the CAP
exam. The Associate of (ISC)² will then have three years
to earn the experience needed for CAP certification.

Discover Your Path

See “Pathway to CAP Certification”
for more information.

Jobs that Typically Use or Require the CAP

»» The U.S. federal government, »» Civilian roles, such as

such as the U.S. Department of federal contractors
State or Department of Defense
»» Local governments
»» The military
»» Private sector organizations

3
CAP is a great certification to earn and The CAP not only helps to explain
have on your resume. It shows you how the federal government operates
understand what is required to secure but lays the foundation for how you
IT systems. Also, understanding the Risk work and what to expect in the way
Management Framework will help you of security and privacy controls and
during the interview process. countermeasures.

Brain Braxton Larry G. Wlosinski

Information Security Analyst/ISSO Senior Consultant
Bethesda, MD, USA Coalfire – Federal
Washington, D.C., USA

CAPs in the Community

I immediately got a raise and promotion after earning

CAP certification. I also gained the knowledge and skills
needed to perform my job as a security analyst.

Ernest Blankson
Information Technology Specialist – Security
Administrative Office of the US Courts
Washington, D.C., USA

Join the (ISC)² Community!

Meet, learn from and ask questions of CAPs in our virtual community. You don’t have to
be an (ISC)2 member to join relevant discussions with a network of security professionals
focused on ensuring a safe and secure cyber world.
4
 Fast Facts About CAP
Introduced in 2005

DoD Approved
IAM Level I &
Average CAP Salary: IAM Level II
US $121,510
-CertMag 2018 Salary Survey

Supported by a network
of more than 140,000
professionals
The ONLY certification
under the DoD8570
mandate aligns with
each RMF step

CAP ALIGNMENT WITH THE RMF

Catagorize
System

Monitor Select
Controls Controls

Prepare

Authorize Implement
System Controls

Assess
Controls

5
Benefits of Being CAP-Certified

Career advancement
Raise visibility and credibility,
improve job security and
create new opportunities. Versatile skills
Vendor-neutral so skills
can be applied to
different technologies and
methodologies.

Respect
Differentiate yourself to
employers, clients and peers.

Solid foundation
Be better prepared to stem
cyber attacks and inspire
a safe and secure cyber
Community of professionals world.
Gain access to (and respect from)
a global community of like-
minded cybersecurity leaders.

Higher salaries
On average, (ISC)² members
report earning 35% more
than non-members.
Expanded knowledge
Reach a deeper, better and
broader understanding of the
common body of knowledge
for cybersecurity.
Stronger skill set
Expand the skills and
knowledge needed to fulfill
organizational duties.

6
Benefits of
(ISC)2 Membership
Once you earn your CAP, you become an (ISC)2 member
and part of a professional community that never stops
learning and growing. You also gain access to a full suite
of benefits and resources for continuing education and
development:

»» Free subscription to InfoSecurity Professional Magazine

»» Member pricing for (ISC)2 events
»» 50% off official (ISC)2 textbooks
»» Deep discounts on industry conferences
»» Expert-led webinars on the latest security issues
»» The ability to join or start a local (ISC)2 Chapter
»» Immersive online professional development courses
»» Volunteer opportunities
»» Safe and Secure Online program
»» Professional recognition through (ISC)2 Awards Programs
»» Digital badges to promote expertise
»» (ISC)2 Member Perks

Digital Badges Show Off Your Skills

A digital badge is the cool (and secure) way to share your credential
online. You can attach it to a website, digital resume, email signature or
social network. And with one simple click, employers and colleagues can
verify your credential – and all that’s required to earn it.

Easy to claim and use, digital badges let you…

»» Share abilities online
»» Prove verification of abilities in real time
»» Show the experience and knowledge required to earn your CAP

7
 CAP Exam Overview
The CAP exam
evaluates your CONTINUOUS INFORMATION SECURITY
MONITORING RISK MANAGEMENT
expertise across seven PROGRAM
domains. (Think of
domains as topics you 16 % 15 %
need to master based
on your professional
experience and
education.) Passing AUTHORIZATION CATEGORIZING
OF INFORMATION OF INFORMATION
the exam proves you SYSTEMS (IS) 14 % 13% SYSTEMS (IS)
have the advanced
knowledge to
authorize and maintain
information systems
within the RMF.
14 % 13 %
SELECTION OF
SECURITY CONTROLS
ASSESSMENT OF 15 %
SECURITY CONTROLS

IMPLEMENTATION OF
SECURITY CONTROLS

125
3
Number of items on the CAP exam

Maximum amount of time Exam availability: English

for the CAP exam
Testing Centers: Pearson VUE
hrs.

700 Score you need out of 1,000

to pass the exam

8
Official
CAP
Training
With classroom based, Classroom-based Online Instructor-Led
online instructor-led and
private on-site courses,
(ISC)2 has a training
option to fit different
schedules and learning
styles. Trainings, seminars,
courseware and self-study
aids directly from (ISC)2 or
one of our many Official
Training Providers help
you get ready for the CAP
exam by reviewing relevant
domains and topics. Private On-site

CAP Study Resources

»» Exam Outline

»» Official (ISC)² Guide to the CAP CBK

Second Edition

»» Official CAP Flash Cards

»» Suggested References

Create Your Plan

Get your copy of the (ISC)²
Certification Prep Kit.
9
 Pathway to CAP Certification
Obtain the Required Experience
To qualify for the CAP, candidates must have at least two years of cumulative, paid full-time work
experience in one or more of the seven domains:

Domain 1. Information Security Risk Domain 4. Implementation of Security Controls

Management Program Domain 5. Assessment of Security Controls
Domain 2. Catagorization of information Systems (IS) Domain 6. Authorization of Information Systems (IS)
Domain 3. Selection of Security Controls Domain 7. Continuous Monitoring

If you don’t have enough experience yet, you can still pass the CAP exam and become
an Associate of (ISC)² while you earn the work experience needed.

Study for
Many self-study resources are available from (ISC)² – the creator and keeper of the
CAP CBK – to help you prepare with confidence. Some CAP candidates pass the
the Exam exam with self-study, and many choose to attend an (ISC)² Direct Training seminar
to review and refresh knowledge before sitting for the exam.

Pass the
Candidates are given a maximum of three hours to complete the 125-item
CAP exam. If you’re ready now, schedule your exam by creating an account
Exam with Pearson VUE, the leading provider of global, computer-based testing for
certification and licensure exams.

Get After you pass the exam, you will have nine months from the date of the exam to
Endorsed complete the (ISC)2 endorsement process.

Once you are certified, you become a member of (ISC)² and recertify every

Earn CPEs
three years. Recertification is accomplished by earning continuing professional
education (CPE) credits and paying an Annual Maintenance Fee (AMF) to support
ongoing development.

60 CPEs U.S. $125 AMF 3 years

Multiple certification holders only pay a single annual AMF.
Free CPE Opportunities
The CPE requirement helps you maintain your competencies following
initial certification. By developing and enhancing skills through CPE
activities, you make an important investment in yourself while increasing
value to customers and employers.

(ISC)² makes it possible for you to earn all your CPE credits without
spending a dime.

Join Webinars
Think Tanks
Security Briefings

eSymposiums

Read & Write

Read the bimonthly InfoSecurity Professional e-magazine and take a short quiz
Subscribe to and summarize an information security magazine
Read a book directly related to CAP and submit a 150-word review
Author an information security article published in a journal or magazine

Review an educational white paper related to the CAP

Attend Events
(ISC)2 Solutions Summit
(ISC)² Chapter meetings

Prepare or attend an educational presentation related to the CAP CBK domains

Volunteer
Become a Safe and Secure Online Ambassador and spread your knowledge about
cyber safety in your community
Volunteer to help develop (ISC)² Certification exams

Thrive Throughout Your Career

More info on Member Benefits

11
Get in Touch with Us
For more information about CAP certification and training, contact an Education Consultant in
your region:

North America: Phone: +1.866.331.4722 ext. 2 Email: training@isc2.org

Europe, Middle East and Africa: Phone: +44 (0)203 960 7804 Email: info-emea@isc2.org

Latin America: Phone: +55 21 3174 4613 Email: connectlatam@isc2.org

Asia-Pacific: Phone: +852.2850.6951 Email: isc2asia@isc2.org

Japan: Email: infoisc2-j@isc2.org
China: Email: isc2china@isc2.org

About (ISC)2
(ISC)² is an international nonprofit membership association focused on inspiring a safe and
secure cyber world. Best known for the acclaimed Certified Information Systems Security
Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a
holistic, pragmatic approach to security. Our membership, more than 140,000 strong, is
made up of certified cyber, information, software and infrastructure security professionals
who are making a difference and helping to advance the industry. Our vision is supported
by our commitment to educate and reach the general public through our charitable
foundation – The Center for Cyber Safety and Education™.