jarubiojarubio Member Posts: 1 ■□□□□□□□□□

So far I have seen comparisons between SSCP and CISSP, but not amid SSCP and CAP, and here is my doubt. I have two years of experience, and I'm doubting what certification take. Moreover, the information about CAP certification is little and it seems that very few people have this certificate.

Any information would be appreciated.
Thank you.


  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,736 Admin
    Only a few hundred people currently have the (ISC)2 CAP or SSCP certifications. Both CAP and SSCP are not marketed nearly as well as the CISSP, so this is part of the reason for their obscurity. If you perform a search of the popular job boards you'll see that the SSCP is mentioned much more frequently than CAP. Also, the DoD Directive 8570.1 does not mention CAP at all.

    CAP is a certification about InfoSec system certification and accreditation. Key areas of knowledge are: systems authorization, security categorization and controls, security controls assessment, risk assessment, and documentation and reporting. You can request a copy of the CAP Candidate Information Bulletin for more details.

    In my opinion, the SSCP is a better cert to get if you are looking for an InfoSec job; CAP is something you'd only get if you actually worked in the field(s) of InfoSec systems certification/accreditation/risk management.
Sign In or Register to comment.