Certified Authorization Professional (CAP) exam review

redz CISSP-ISSAP, ISSEP, ISSMP, CAP (& others) Member Posts: 265
I did a summary search for the Certified Authorization Professional (CAP) certification and didn't really see anything on here. So, I figured I might at least leave a bit of review information on the exam here.

Difficulty: If you have the requisite C&A experience, the exam should be fairly trivial. I have 3 years of DIACAP experience and 2 years of NIST RMF experience, and took the exam after studying the official CBK for ~2 hours per day for five days. I didn't even manage to force-read the entire book. The knowledge required was mostly basic; think CISSP depth, but with NIST RMF breadth.

Notes: Know your NIST SP numbers. Not all of them, but the "important" ones: 30, 37, 53, 53a, et al. Most aren't listed with the title; they look like "NIST SP 800-30". A bit of memorization will help here, and I noticed several questions that only relied on knowing which SP covered which information. It makes those questions free points. I didn't see anything on DITSCAP, so don't waste your time. There was more than I expected about DIACAP, though still not much and not deep. Know the phases (and how they relate to NIST). I would bet that the coming revision will remove most, if not all, of the DIACAP information in favor of more NIST-centric knowledge, as DIACAP is to be phased out.

Marketability: This cert isn't very marketable, in my opinion, especially outside the federal government. It's young (<1500 certified, according to ISC2), and a lower level than the CISSP. It's part of 8570, which is a big part of its market audience, but CISSP satisfies the same fields at a higher level. A summary Dice.com search shows 204 hits for "CAP", but many are not for this credential; "Certified Authorization Professional" pulls 2 results (but many asking for it may not be spelling it out, so somewhere between 2 and 204).

If you have any other questions regarding the material, let me know, I'll do my best to help.


  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,733
    Thanks for the info. As of 7/1/13, 1472 people world-wide have CAP. I think the last time I checked a couple of years ago, there were only about 500 CAP-certified. That's a much better growth rate than the SSCP, which after all these years is only at 1497 certified. CAP is targeting a very highly-specialized cert market, while the SSCP is far more generalized.