The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

CompTIA CASP, an Alternative to CISSP Certification

Choosing CASP over CISSP can save you some green when working for the Red, shop White & Blue

With today’s Department of Defense (DoD) information technology workforce facing the prospect of obtaining and maintaining certifications, the question many of you may be facing is which certification path makes sense. This is particularly true in light of recent action that adds CompTIA’s Advanced Security Practitioner (CASP) certification to the DoD list of qualifying exams for Information Assurance Technology Level 3 (IAT-3) workers.

CISSP certification has been pretty much the standard path for those seeking an advanced IT security certification that qualifies for IAT Level 3 under DoD Directive 8570.1. The cost of the exam (currently $599), coupled with the perceived difficulty of the exam (which until recently needed to be taken at specific scheduled time, utilizing a Scantron grading sheet), made it a challenge for many exam candidates.  Additionally CISSPs face a certification maintenance fee of $85 per year.

"Providing a fair comparison of the rigor associated with the certification exams presents challenges."

CASP certification, while certainly not as well recognized as CISSP certification, does provide some distinct advantages. The cost of the exam is $379, a substantial savings of $220. For academic institutions who are members of CompTIA’s CAPP program, there is a substantial discount, providing a $273 reduced price for the exam. Schools are allowed to pass this savings on to their students. But the savings doesn’t end there. With a certificate maintenance fee of $45 per year there is another true cost savings. This is particularly true for individuals holding other CompTIA certifications, since this single fee covers the maintenance for all of their other CompTIA certifications.

Providing a fair comparison of the rigor associated with the certification exams presents challenges. Since it has been years since I took the CISSP exam, and only a week since I took the CASP exam, I’m facing challenges relative to a comparison. There is no question that I viewed the CISSP exam, with its 250 questions and 6 hour timeframe, as a bear. That wasn’t true with the CASP exam with its shorter timeframe and somewhere around 65 questions. My “off the cuff” impression was that the CASP exam, with the exception of its simulation questions was an easier exam. However, the simulation questions were quite challenging (coupled with the fact that at least in one instance the simulation didn’t work). But what I need to remember is during the lengthy time between when I took the CISSP exam and the CASP exam, my knowledge base relative to information security issues had grown dramatically.

Another challenge in exam comparison is the fact that neither exam provides an indication on how well you did on the exam if you receive a passing grade. All you get is a “pass.” What I do know is I passed both exams, and I’m glad to have the rewards associated with holding both certifications. Additional comments relative to the CASP exam can be found on my blog.

Where I do think the CASP certification will make inroads in what has been CISSP exclusive territory is those situations where the exam candidate is paying the costs associated with certification, and having an advanced information security certification enables an employer to “check the box” with regard to DOD 8570.1 compliance for their workforce. The cost savings, both in terms of the actual cost of the exam and yearly certification maintenance fees is substantial. Additionally, as employers identify cost savings, they are likely to follow a path of reduced expenses. Expense reduction may also filter down to the cost of training, as competition between the two certifying entities and their affiliated training partners increases.


steve linthicum

About the Author

Professor Steve Linthicum is a full-time faculty member at Sierra College in Rocklin, California. His principal areas of instruction focus on information security and virtualization. He holds a variety of certifications that include CISSP, CASP, VCP, and MCSE: Private Cloud. You can reach him at This email address is being protected from spambots. You need JavaScript enabled to view it..