Certified Authorization Professional

What Does Certified Authorization Professional Mean?

A certified authorization professional (CAP) is a vendor-neutral certification that tests, validates and certifies an individual’s ability to understand, implement and maintain secure authorization for information systems.


This certification is meant for experienced ICT professionals in security and information assurance whose jobs involve Governance, Risk and Compliance (GRC). The certification is developed, maintained and monitored by the International Information Systems Security Certification Consortium ((ISC)²).

Techopedia Explains Certified Authorization Professional

CAP certifies and validates an individual's ability to understand, apply and/or implement a risk management program for IT systems within an organization.

The key points of CAP assessment include:

  • Risk management frameworks
  • Types of information systems
  • Selecting security controls
  • Security control implementation
  • Assessing the effectiveness of security controls
  • Information system authorization
  • Monitoring security controls

To qualify for certification, candidates need to have a minimum of two years of cumulative, paid work experience in one or more of the seven areas above.


