Certified Authorization Professional

What Does Certified Authorization Professional Mean?

Certified Authorization Professional (CAP) is a vendor-neutral certification that tests, validates and certifies an individual’s ability to understand, implement and maintain secure authorization for information systems.


This certification is meant for experienced ICT professionals in security and information assurance whose jobs involve Governance, Risk and Compliance (GRC). The certification is developed, maintained and monitored by the International Information Systems Security Certification Consortium ((ISC)2).

Techopedia Explains Certified Authorization Professional

CAP certifies and validates an individual's ability to understand, apply and/or implement a risk management program for IT systems within an organization.

The key points of CAP assessment include:

  • Risk management frameworks
  • Types of information systems
  • Selecting security controls
  • Security control implementation
  • Assessing the effectiveness of security controls
  • Information system authorization
  • Monitoring security controls

To qualify for certification, candidates need to have a minimum of two years of cumulative, paid work experience in one or more of the seven areas above.



Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…