CAP or ISSAP

Dear all,

Have reached that stage where I really dont need any more certs, but just to keep my mind sharp was pondering any of the above. You all probably know my work is either working purely in a Cyber Risk capacity (technical risk/controls) or working with solution architects to make sure security design is robust and assurance is being achieved (so assurance architect type of role ensuring security controls are embedded in design). Appreciate CAP is more for DOD, any value outside this? Any recommendations on either? I like the CAP syllabus but not too sure on which one to do based on my background.

As always, thoughts are highly appreciated.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

JDMurray

I have always read that CAP and CISSP-ISSAP are specifically aimed at public sector agencies and are good to have together. I suppose private sector companies that work on public sector contracts (i.e., defense contractors) may value those two as well. Anything that can help a private sector company understand how the Fed/DoD works and thinks is a bonus.

scasc

Thanks JD - pretty much rules me out in that case as my work is not really Fed/DOD based. Not even US based

H-bomb

The CAP is essentially a credential demonstrating your knowledge of the Risk Management Framework (NIST SP 800-37). Unless you are working in the public sector/contractor, it may not hold much value. The ISSAP is not geared towards the public sector, however, the ISSEP is. IMO, I would go for ISSAP based on your experience.

scasc

Thanks for the response and letting me know.

E Double U

I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.

scasc

E Double U said:

I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.

Haha - true. I honestly like the CAP syllabus but have decided to focus my attention on compliance standards such as ISO 27001, NIST CSF, PCI etc. More relevant to my work to have this understanding.