CERTIFIED AUTHORIZATION PROFESSIONAL (CAP)
The Certified Authorization Professional (CAP) course provides in-depth knowledge and practical skills required to authorize, assess, and manage risk for information systems throughout their lifecycle. The certification is awarded by ISC2 and is internationally recognized as the leading credential for professionals responsible for information system authorization, governance, and risk management. CAP is strongly aligned with risk management frameworks (RMF) used in regulated, government, defense, and critical infrastructure environments. The course emphasizes integrating security and privacy into system design, assessing controls, managing continuous monitoring, and making informed authorization decisions that balance mission needs with acceptable risk. Successful completion prepares participants for the CAP certification examination and roles in security authorization, governance, risk, and compliance (GRC). Course Objectives By the end of this course, learners will be able to: Apply risk management principles across the system lifecycle Categorize information systems based on impact and sensitivity Select, implement, and assess security controls Support authorization and accreditation (A&A) decisions Perform continuous monitoring and risk reporting Align system security with organizational and regulatory requirements Prepare for the CAP certification examination
Course Curriculum
1
- Risk management concepts and principles
- Governance, roles, and responsibilities
- Risk tolerance and acceptance
- Integration of security into organizational processes
2
- System impact analysis
- Data sensitivity and criticality
- Security categorization standards
- Mission and business impact considerations
3
- Control baselines and tailoring
- Security and privacy control families
- Cost-benefit and risk-based selection
- Inheritance and common controls
4
- Secure system design and configuration
- Control documentation and evidence
- Integration of security into SDLC
- Configuration and change management
5
- Control assessment methodologies
- Testing and evaluation techniques
- Evidence collection and validation
- Assessment reporting
6
- Authorization decision processes
- Risk acceptance and accountability
- Authorization documentation
- Communication with authorizing officials
7
- Continuous monitoring strategies
- Ongoing assessment and reporting
- Managing changes and emerging risks
- Maintaining authorization over time
8
- Instructor-led professional training
- Case studies and authorization scenarios
- Practical risk assessment and documentation exercises
9
- GRC and risk management professionals
- Information system security officers (ISSOs)
- Security authorization and compliance analysts
- IT auditors and assessors
- Government, defense, and regulated-industry professionals
- Professionals preparing for the CAP certification
10
- No prerequisite to sit for the exam
- At least two years of cumulative, paid work experience in one or more CAP domains is required for certification award (per ISC2 requirements; waivers may apply)
11
- Domain-based quizzes and evaluations
- Scenario-based risk and authorization exercises
- Mock CAP examinations
- Final assessment aligned with the CAP exam
12
Successful candidates earn the Certified Authorization Professional (CAP) designation, validating expertise in information system authorization, risk management, and governance.
This course includes
- 12+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
