I am a CISSP. I recently passed the HCISPP and that exam, to me, seemed to be something that I wouldn't have easily passed if I didn't work in those areas (especially contracts and third parties) every week.
I have some knowledge of RMF processes. I don't work at it every day, but I have an opportunity to move into that area.
I am not great with memorizing and regurgitating facts and sentences. Is the CAP exam something that can be passed with study or is it something that should only be attempted if you work in that area?
The CAP exam requires quite a bit of study in order to pass. If you work with the RMF process every day, you'll certainly be familiar with the terminology and steps but you'll need study to conquer the more obscure aspects covered in the CAP exam.
With study you'll do just fine. I took an RMF course through BAI which helped but the majority was learned through a few weeks of intense study.
Thanks! Which BAI course? Was it worth it?
I took the RMF for DoD course https://rmf.org/rmf-for-dod-it-training/. It isn't a CAP prep course; however, it does teach the RMF process A-Z. It's a great course for someone new to RMF. If you're just interested in passing the exam, you can study the references listed on this site and use one of the online question banks to prepare.
I took the BAI course and it was a big help. I work in RMF and have for years and that helped, but the exam is on the actual "Pure" RMF process. I work in DoD and each of their services has a slightly different take on how to do RMF.
That said there are three recommendations I would give for the test.
1) Take the BAI course. I really liked the course and the instructor, who was knowledgeable and happy to talk. He also made me take home all the leftover pastries when he heard I had a teenage son! Some people don't need a class, but as a previous poster said, the class will hit on some esoteric sections of RMF that you wouldn't get otherwise.
2) Use the (ISC)2 flash cards. Use Quizlet for them and test using multiple choice.
3) Study the NIST SP 800-37 Rev 1 (until they change the test). Study the roles and what they do and the documents and what they are for and when they change. Study SDLC and how it corresponds to the RMF steps.
Do all of the above and you'll do fine. Then you'll have the same question I do. Since I'm a CISSP in good standing, can I endorse myself??
Hey Jerry! Congrats on your passes for ISC2 exams. Just like you, I am a CISSP as well. As far as the CAP, if you want to work in security for the government, then yes, go for the CAP. Unfortunately, there is a scarce amount of official material for the CAP. But then again, you never know where it might take you in life, so go for it!! Most of the CAP is based off of NIST documents. They are pretty helpful, though.
Hey MapsCat! Thanks for your advice. I've been studying for the CAP for a while now. I've been in risk management for a year now as a security control assessor. When did you take the exam?