The (ISC)² CAP Exam Updates – October 2018
The (ISC)² Certified Authorization Professional (CAP) certification exam updates go into effective this October 15th, 2018. In this post we break down a quick overview of the certification, exam requirements, and the critical changes to the exam domains and content you need to know.
About the CAP Certification
The CAP certification is developed and monitored by the International Info System Security Certification Consortium Inc. (ISC)². CAP is intended for individuals committed to providing high quality security assessment and authorization services, which is essential to determining user/client privileges and access levels when it comes to computer programs and files, within the Risk Management Framework and applying those skills within an organization.
The Risk Management Framework (RMF) is an important process to follow because it is used to identify security threats to an organization and minimize overall risk upon impact.
The CAP Exam
Candidates for the CAP certification exam need to have a 2 years minimum of experience in one or more of the 7 domains of the CAP Common Body of Knowledge (CBK). If you do not have the experience you can still take the CAP exam, but will instead become an Associate of (ISC)² after sucessfully passing the exam. You then have 3 years to complete the required 2 years of experience to obtain the CAP certification.
Both the old and new exams will be exactly the same in terms of exam structure.
- Exam costs $599 USD
- 125 multiple choice questions
- Scoring is out of 1000 points and a 70% score minimum is required to pass
- Exam duration is 3 hours long
What’s New on the CAP Exam
If you compare what is covered in each of the sections, there are a few changes to each exam domain topics. See the changes below between the provided outlines.
Effective on October 15 of 2018, the CAP exam will be based on the new outline.
|Old Outline||New Outline|
|Domain 1: Risk Management Framework (RMF) (20%)
||Domain 1: Information Security Risk Management Program (15%)
| Domain 2: Categorization of Information Systems (8%)
||Domain 2: Categorization of Information Systems (IS) (13%)
|Domain 3: Selection of Security Controls (13%)
|| Domain 3: Selection of Security Controls (13%)
|Domain 4: Security Control Implementation (10%)
|| Domain 4: Implementation of Security Controls (15%)
|Domain 5: Security Control Assessment (19%)
|| Domain 5: Assessment of Security Controls (14%)
| Domain 6: Information System Authorization (13%)
|| Domain 6: Authorization of Information Systems (IS) (14%)
|Domain 7: Monitoring of Security Controls (17%)
|| Domain 7: Continuous Monitoring (16%)
How to Prepare for the CAP Exam
One of the most effective preparation options is to attend a training boot camp. Our CAP training course prepares individuals for the current and updated CAP exam.