At a glance, the CASP+ and CISSP certifications are similar to a large extent. The truth is that they are not interchangeable, due to different objectives and somewhat disparate career paths. However, both certifications prove that the candidate has technical and advanced-level skills to maintain the security of information systems and networks.

The CISSP certification features additional skills used to perform identity and access management (IAM), security assessment and testing, and software development authority. CASP+ covers two unique areas of information security, including technical integration of enterprise security and research, development and collaboration. These are not included in the CISSP.

In this article, we’ll take a deep dive into both certifications and try to understand the nuances of the CASP+ and CISSP certifications. We’ll look at the similarities and differences between the two, as well as how to know which certification is the best fit for you.

The difference in job roles

On its face, CISSP supports more job roles than the CompTIA CASP+. The following table includes a breakdown of the different job roles between the two.

| CISSP job roles | CASP+ job roles |
|---|---|
| Network architect | Security architect |
| Security consultant | Application security engineer |
| Security architect | Technical lead analyst |
| Security auditor | Security engineer |
| Security manager | |
| Security analyst | |
| Security systems engineer | |
| IT director/manager | |
| Director of security | |
| Chief information officer | |
| Chief information security officer | |

CASP+ objectives (domains) and CISSP Common Body of Knowledge (CBK)

Whether they are objectives/domains or a Common Body of Knowledge (CBK), there is no serious difference between the two, as both terms cover the exam topics.

CompTIA CASP+ domains

| Domain | Exam Percentage |
|---|---|
| 1 — Risk Management | 19% |
| 2 — Enterprise Security Architecture | 25% |
| 3 — Enterprise Security Operations | 20% |
| 4 — Technical Integration of Enterprise Security | 23% |
| 5 — Research, Development and Collaboration | 13% |

CISSP CAT Common Body of Knowledge (CBK)

| Domain | Exam Percentage |
|---|---|
| 1 — Security and Risk Management | 15% |
| 2 — Asset Security | 10% |
| 3 — Security Architecture and Engineering | 13% |
| 4 — Communication and Network Security | 14% |
| 5 — Identity and Access Management | 13% |
| 6 — Security Assessment and Testing | 12% |
| 7 — Security Operations | 13% |
| 8 — Software Development Security | 10% |

What are the similarities between CASP+ and CISSP?

Both certifications are renewed after a three-year certification life cycle. In addition, both are compliant with the ISO-17024 standard and accepted by the United States Department of Defense (DoD) to fulfill Directive 8140 (DoDD 8570) requirements.

The similarities between the CASP+ domains/objectives and the CISSP CBK are greater than their differences. For example, the opening domain of each of these certifications covers risk management. (CASP+ pays more heed to risk management and gives it 19% exam weight, unlike the CISSP, which assigns it 15%.) In addition, the following topics are also common to both certifications:

  • Security architecture
  • Security operations

Moreover, the following job roles are also common in both certifications.

  • Security architect
  • Security engineer

Furthermore, neither of these two certifications is vendor-specific; they are both vendor-neutral.

How do CASP+ and CISSP differ?

Although both certifications are alike in some ways, they also differ from each other in others. One of the key differences between CASP+ and CISSP is the experience requirements.

CISSP requires candidates to have a minimum of five years of cumulative, paid and full-time work experience in two or more of the eight CISSP CBK domains. However, if the candidate does not possess the required experience for CISSP, he or she may become an associate of (ISC)² by successfully passing the CISSP exam. Doing so can help the candidate to earn their required experience by remaining as an associate of (ISC)² for at least six years.

On the other hand, CompTIA CASP+ requires the candidate to have a minimum of 10 years of experience in IT administration, including at least five years of hands-on technical security experience.

The CISSP exam is more challenging than CASP+ in terms of exam material. The CISSP exam consists of eight domains, while CASP+ covers only five. The dissimilar domains or objectives of both exams are described in the following table.

| CISSP Dissimilar Domains | CASP+ Dissimilar Domains |
|---|---|
| Asset Security | Technical Integration of Enterprise Security |
| Communication and Network Security | Research, Development and Collaboration |
| Identity and Access Management (IAM) | |
| Security Assessment and Testing | |
| Software Development Security | |

Risk Management, Security Architecture and Security Operations are similar or common domains in both the CASP+ and CISSP exams.

Both exams also differ in terms of exam details:

  • CASP+: Maximum of 90 questions; the length of the test is 165 minutes. CASP+ is available in English and Japanese. Requires 75 Continuing Education Units (CEUs) in three years to renew certification.
  • CISSP: 100-150 questions; the length of the test is three hours. CISSP is available only in English. Requires 120 CPE credits in three years to renew certification.

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services