The heart of cybersecurity is Risk Management. The Certified Authorization Professional (CAP®) is an ISC2 certification. It demonstrates the professional's skill and expertise within the Risk Management Framework (RMF) as defined by the National Institute of Standards and Technology (NIST). The CAP® is the only certification under the DoD8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies and procedures established by the cybersecurity experts at (ISC)².
To qualify for the CAP you must have a minimum of two years of cumulative paid work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK).
Define and implement a Risk Management Framework (RMF) Select, tailor and document security controls Prepare for security control assessment Perform ongoing security control assessments
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.