Certified Authorization Professional (CAP®)

Live Classroom
Duration: 5 days
Live Virtual Classroom
Duration: 5 days


A Certified Authorization Professional (CAP®) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in line with the legal and regulatory requirements.

This course covers the broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) and discusses all seven domains tested in the CAP certification examination.


What You'll Learn

  • Understand risk management program processes
  • Understand regulatory and legal requirements
  • Define the Information System (IS) and determine its categorization
  • Select security controls
  • Implement selected security controls
  • Prepare for and conduct a Security Control Assessment
  • Prepare and review the Security Assessment Report
  • Develop a Plan of Action and Milestones (POAM)
  • Determine IS risks


Information security risk management program
  • Understand the foundation of an organization-wide information security risk management program
  • Understand risk management program processes
  • Understand regulatory and legal requirements

Categorization of Information Systems (IS)
  • Define the Information System (IS)
  • Determine Categorization of the Information System (IS)

Selection of Security Controls
  • Identify and document baseline and inherited controls
  • Select and tailor security controls
  • Develop security control monitoring strategy
  • Review and approve Security Plan (SP)

Implementation of Security Controls
  • Implement selected security controls
  • Document security control implementation

Assessment of Security Controls
  • Prepare for Security Control Assessment (SCA)
  • Conduct Security Control Assessment (SCA)
  • Prepare Initial Security Assessment Report (SAR)
  • Review Interim Security Assessment Report (SAR) and perform Initial Remediation Actions
  • Develop Final Security Assessment Report (SAR) and optional addendum

Authorization of Information Systems
  • Develop Plan of Action and Milestones (POAM)
  • Assemble Security Authorization Package
  • Determine Information System (IS) risk
  • Make Security Authorization decisions

Continuous monitoring
  • Determine Security Impact of Changes to Information Systems (IS) and environment
  • Perform Ongoing Security Control Assessments (SCA)
  • Conduct Ongoing Remediation Actions
  • Update documentation
  • Perform periodic security status reporting
  • Perform Ongoing Information System (IS) Risk Acceptance
  • Decommission Information System (IS)

Who should attend

The course is highly recommended for:

  • US Federal government professionals, especially those in the US Department of State or Department of Defense
  • Military professionals
  • Civilian roles, such as federal contractors
  • Local governments
  • Private sector organizations


There are no mandatory prerequisites for this course; however, completing the Foundations of Agile course before taking this course would be beneficial.


This course helps participants prepare for the certification examination for earning the CAP® certification. The details of the examination are as follows:

    Duration of the examination: 3 hours
    Number of questions: 125
    Format of the questions: Multiple-choice questions
    Passing grade: 700 out of 1000 points
    Exam availability: English


The examination evaluates the participant’s expertise in seven specific domains. The weightage of each domain in the examination is as follows:

    Information security risk management program: 15%
    Categorization of Information Systems (IS): 13%
    Selection of Security Controls: 13%
    Implementation of Security Controls: 15%
    Assessment of Security Controls: 14%
    Authorization of Information Systems: 14%
    Continuous monitoring: 16%
