

CAP - Certified Authorization Professional

CGRC Certified in Governance, Risk and Compliance Training Course & Boot Camp

As of February 15, 2023, the Certified Authorization Professional (CAP) certification has changed its name to Certified in Governance, Risk and Compliance (CGRC).

SecureNinja's Certified Authorization Professional (CAP) training and certification boot camp in Washington, DC, San Diego, CA, and Columbia, MD covers the exam objectives that measure the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems within the Risk Management Framework (RMF). Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure those information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals. The CAP is the only certification under the DoD 8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies, and procedures established by the cybersecurity experts at (ISC)². The 4-day immersive boot camp covers all of the latest exam objectives and comes complete with a Quiz Engine of 400+ up-to-date exam questions.

Topics Covered

The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains which comprise the CAP CBK® taxonomy of information security topics:

  • Understanding the Security Authorization of Information Systems
  • Categorize Information Systems
  • Establish the Security Control Baseline
  • Apply Security Controls
  • Assess Security Controls
  • Authorize Information System
  • Monitor Security Controls 

Who Should Attend

The credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). It applies to job functions such as authorization officials, system owners, information owners, information system security officers and certifiers, as well as all senior system managers.


The ideal candidate should have experience, skills or knowledge in any of the following areas:

  • IT Security
  • Information Assurance
  • Information Risk Management
  • Certification
  • Systems Administration
  • One to two years of general technical experience
  • Two years of general systems experience
  • One to two years of database/systems development/network experience
  • Information Security Policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation

Required Exam


Course Length

32 hours

Follow-on Courses


These training courses are delivered only in an onsite format for groups of 5 or more. Our world-class instructors will bring our on-demand turn-key solution directly to you. Contact us now for more details and pricing.


The Certified Authorization Professional (CAP) certifies that you have the skills needed to understand Governance, Risk and Compliance (GRC) and can manage information systems utilizing risk management frameworks, as well as best practices, policies, and procedures.

The ISC2 CAP exam will have 125 multiple-choice questions.

Candidates will have 3 hours to complete their CAP exam.

You can schedule your CAP exam and find the nearest testing center through the Pearson VUE website.

There are no requirements to take the CAP exam, but to receive your CAP certificate you must become a member or associate of ISC2.
