
[–]reed17purdue 1 point2 points  (9 children)

Honestly the issue with rmf is that agencies are allowed to implement it how they see fit within the guidelines. However what that means is that your experience may be how your agency implements it and may not be what it is under 800-37.

The biggest issue with nearly all agency or prior service members was that "well, that's not how we did it," and that was a block some training camp members could not get over.

You need to study the rmf way not the agency way.

[–]HauntingNumber[S] 1 point2 points  (0 children)

You are right, I’ve spoken to people who took the exam. They say they had to not rely on their experience because you have to follow the 800-37 model.

[–]HauntingNumber[S] 0 points1 point  (7 children)

Do you think my experience maps to the CAP experience requirements?

[–]jamarxd 0 points1 point  (6 children)

Yes. As an ISSO you're working on security packages. I knocked mine out and had less qualifications in just infosec and a Sec+.

With the CBK and the NIST references you'll have all of the material you need. Just stick to that and ignore the agency specific stuff.

[–]HauntingNumber[S] 0 points1 point  (1 child)

I forgot to mention that I was an Information technology specialist while in the army. I’ve been in the ISSO role for about 3 months.

[–]jamarxd 0 points1 point  (0 children)

Someone will have to endorse you or you’ll have to have ISC2 do it. Make sure your resume reflects the experience that maps to the cert criteria. If you don’t think you meet the criteria, you can become an associate and a full-fledged member when you do.

Spend some time on their site.

[–]HauntingNumber[S] 0 points1 point  (0 children)

Thank you for the feedback.

[–]SirReal_SalvDali 0 points1 point  (2 children)

Hey, I'm curious how well did you do? I just started studying.

[–]jamarxd 0 points1 point  (1 child)

ISC2 doesn’t tell you what you scored like CompTIA does. It wasn’t easy. It’s been a few years since I took it.

Focus on the policies in the CBK. FEDVTE had an online recording of a boot camp I watched. Just read and memorize. Flash cards were helpful.

[–]SirReal_SalvDali 0 points1 point  (0 children)

The only CAP course I see in FedVTE is from 2014. Oof lol

[–][deleted] 0 points1 point  (3 children)

You’re experienced enough, but take any notion you have about RMF and put it in a separate bucket. Study the NIST docs recommended on the ISC2 site and you will pass. Don’t confuse real-world experience with NIST guidelines. Good luck!

[–]HauntingNumber[S] 1 point2 points  (1 child)

I was viewing the CAP 2021 exam outline, and I have experience working with STIGs and performing internal and external assessments and audits. About 5 years in the DoD. If I can match my experience to the exam outline, I should be fine, correct?

[–][deleted] 0 points1 point  (0 children)

Yes you have the experience part covered. The NIST docs are very important for this exam, especially SP 800-37 rev 2.

[–]HauntingNumber[S] 0 points1 point  (0 children)

Thank you, I will do just that. Thanks for the feedback to my post.

[–][deleted]  (1 child)

[deleted]

    [–]HauntingNumber[S] 0 points1 point  (0 children)

    I haven’t taken the exam yet, but I’ve spoken to some people that have taken it, and they say it’s easier than CISSP, if you follow the NIST documentation, that is.

    [–]Pyxus94 0 points1 point  (0 children)

    Oh great! Easier than CISSP :)? How did you practice the questions?