At a glance, the CASP+ and CISSP certifications are similar to a large extent. The truth is that they are not interchangeable, due to different objectives and somewhat disparate career paths. However, both certifications prove that the candidate has technical and advanced-level skills to maintain the security of information systems and networks.
The CISSP certification features additional skills used to perform identity and access management (IAM), security assessment and testing, and software development security. CASP+ covers two unique areas of information security: technical integration of enterprise security, and research, development and collaboration. These are not included in the CISSP.
In this article, we’ll take a deep dive into both certifications and try to understand the nuances of the CASP+ and CISSP certifications. We’ll look at the similarities and differences between the two, as well as how to know which certification is the best fit for you.
The difference in job roles
On its face, CISSP supports more job roles than the CompTIA CASP+. The following table includes a breakdown of the different job roles between the two.
| CISSP | CASP+ |
|---|---|
| Network architect | Security architect |
| Security consultant | Application security engineer |
| Security architect | Technical lead analyst |
| Security auditor | Security engineer |
| Security systems engineer | |
| Director of security | |
| Chief information officer | |
| Chief information security officer | |
CASP+ objectives (domains) and CISSP Common Body of Knowledge (CBK)
Whether they are objectives/domains or a Common Body of Knowledge (CBK), there is no serious difference between the two, as both terms cover the exam topics.
CompTIA CASP+ domains
| Domain | Exam weight |
|---|---|
| 1 — Risk Management | 19% |
| 2 — Enterprise Security Architecture | 25% |
| 3 — Enterprise Security Operations | 20% |
| 4 — Technical Integration of Enterprise Security | 23% |
| 5 — Research, Development and Collaboration | 13% |
CISSP CAT Common Body of Knowledge (CBK)
| Domain | Exam weight |
|---|---|
| 1 — Security and Risk Management | 15% |
| 2 — Asset Security | 10% |
| 3 — Security Architecture and Engineering | 13% |
| 4 — Communication and Network Security | 14% |
| 5 — Identity and Access Management | 13% |
| 6 — Security Assessment and Testing | 12% |
| 7 — Security Operations | 13% |
| 8 — Software Development Security | 10% |
What are the similarities between CASP+ and CISSP?
Both certifications are renewed after a three-year certification life cycle. In addition, both are compliant with the ISO-17024 standard and accepted by the United States Department of Defense (DoD) to fulfill Directive 8140 (DoDD 8570) requirements.
The similarities between the CASP+ domains/objectives and the CISSP CBK are greater than their differences. For example, the opening domain of each of these certifications covers risk management. (CASP+ pays more heed to risk management and gives 19% exam weight to it, unlike the CISSP, which assigns 15%.) In addition, the following topics are also common in both certifications:
- Security architecture
- Security operations
Moreover, the following job roles are also common in both certifications.
- Security architect
- Security engineer
Furthermore, neither of these two certifications is vendor-specific; they are both vendor-neutral.
How do CASP+ and CISSP differ?
Although the two certifications are alike in some ways, they differ in others. One of the key differences between CASP+ and CISSP is the experience requirements.
CISSP requires candidates to have a minimum of five years of cumulative, paid and full-time work experience in two or more of the eight CISSP CBK domains. However, if the candidate does not possess the required experience for CISSP, he or she may become an associate of (ISC)² by successfully passing the CISSP exam. Doing so can help the candidate to earn their required experience by remaining as an associate of (ISC)² for at least six years.
On the other hand, CompTIA CASP+ requires the candidate to have a minimum of 10 years of experience in IT administration, including at least five years of hands-on technical security experience.
The CISSP exam is more challenging than CASP+ in terms of exam material. The CISSP exam consists of eight domains, while CASP+ covers only five. The dissimilar domains or objectives of both exams are described in the following table.
| CISSP Dissimilar Domains | CASP+ Dissimilar Domains |
|---|---|
| Asset Security | Technical Integration of Enterprise Security |
| Communication and Network Security | Research, Development and Collaboration |
| Identity and Access Management (IAM) | |
| Security Assessment and Testing | |
| Software Development Security | |

Risk Management, Security Architecture and Security Operations are similar or common domains in both the CASP+ and CISSP exams.
Both exams also differ in terms of exam details:
- CASP+: Maximum of 90 questions and the length of the test is 165 minutes. CASP+ is available in English and Japanese. Requires 75 Continuing Education Units (CEUs) in three years to renew certification.
- CISSP: 100-150 questions and the length of the test is three hours. CISSP is available only in English. Requires 120 CPE credits in three years to renew certification.
Benefits of CISSP
CISSP is a globally recognized certification and can open up information security jobs in the United States and elsewhere. According to (ISC)², the CISSP is the most valued information security certification in the world and employers give it 53% more preference over any other cybersecurity certification. Career prospects of the CISSP certification are:
- IA manager level II
- IA manager level III
- IA technical level III
(ISC)² (the CISSP vendor) regularly conducts Job Task Analysis (JTA) to maintain the relevancy of the CISSP exam with modern information security trends. JTA is a methodical process whose purpose is to scrutinize the job roles of CISSP security professionals in order to make sure that they are meeting the current information security needs of the organizations. Once the JTA is successfully performed, the acquired information will be used to update the CISSP CBK in order to make it more relevant and appropriate for information security practices and careers.
Benefits of CASP+
CASP+ offers technical mastery for cybersecurity managers. Without a deep knowledge of technology, managing a cybersecurity team or program can become a daunting task. For instance, if you are given a task by your company’s top management to ensure compliance with a specific government standard, the request may include rolling out infrastructure requirements and complex cybersecurity technologies. However, CASP+-certified experts have an understanding of government standards and know how to meet their compliance requirements. The CASP+ certifies that a person possesses the advanced skills required to design, implement and lead technical solutions.
In addition, CASP+ certification supports the cybersecurity architect role, which is in high demand worldwide. Per CyberSeek statistics, the annual salary of a cybersecurity architect is $133,000. More than 5,000 jobs are available in the U.S. alone. Moreover, CASP+ is a globally recognized certification and therefore offered in many countries.
The career prospects for CASP+ certification holders include:
- IA manager level II
- IA technical level III
- IA architect and engineer level I
- IA architect and engineer level II
Since governments and regulators rely heavily on ANSI accreditation, CompTIA has delivered over 1.3 million ISO/ANSI-accredited exams since 2011 and is still continuing its efforts. The current CompTIA CASP+ exam version is CAS-003 and was made available on April 2nd, 2018.
Which certification is right for you?
Attaining a CISSP certification proves that you have technical skills and advanced knowledge to develop, design and manage an organization’s overall security defense mechanism. It includes risk management, asset security, security architecture, network security, security operations, security assessment and testing, and software development security. CISSP-certified professionals are security practitioners, security managers or executives with at least five years of information security experience. From CISOs to network architects, CISSPs are leaders who are always ready for information security challenges. Since CISSP meets the U.S. Department of Defense (DoD) Directive 8570.1, it is very useful for candidates who want to work in government institutions.
On the other hand, the CompTIA CASP+ credential certifies that you possess advanced-level skills in risk management, enterprise security architecture and operations, research and collaboration, and the integration of enterprise security. After being CASP+-certified, you will be able to conceptualize, integrate, engineer and implement security solutions across the organization’s complex environment. In addition, you will also apply judgment and critical thinking across a wide spectrum of security disciplines to suggest, implement and recommend proactive security solutions.
If you want to work for one of the following employers, then the CASP+ certification is right for you. These employers require CASP+ certification:
- Verizon Connect
- U.S. Navy
- U.S. Army
- Network Solutions
- Booz Allen Hamilton
In addition, you can also apply to companies that require hands-on technical skills in the CASP+ domain areas.
Both the CISSP and CASP+ certifications offer huge benefits to individuals and organizations because they provide necessary managerial and technical knowledge required to succeed in the IT industry. CISSP is a popular certification throughout numerous industries so the Return on Investment (ROI) for CISSP is much higher than CASP+.
CASP+ is rapidly gaining popularity and recognition in the IT industry. CASP+ certification holders impress employers due to their technical knowledge and hands-on skills, unlike the CISSP, which is more managerial than technical. However, both certifications can provide a wide range of opportunities in the information security industry.