Security consortium offers C&A credential

The International Information Systems Security Certification Consortium (ISC)2 has begun certifying government employees for a professional certification and accreditation (C&A) credential that it developed in cooperation with the State Department.

Consortium officials said the new credential is timely because all federal agencies must certify and accredit major information systems and applications under the Federal Information Security Management Act (FISMA). “We felt the time was right for (ISC)2 to develop a credential to support it,” said Rolf Moulton, president and interim chief executive officer of the consortium, a nonprofit group that certifies information security employees.

Security experts devised the C&A process to ensure that information systems are reasonably secure given the risks to which they are exposed. FISMA requires federal agencies to perform C&A on information systems every three years or whenever systems are significantly modified.

To qualify for the Certification and Accreditation Professional (CAP) credential, a person must have two years of direct experience doing C&A work. The person must also pass a CAP exam and subscribe to the consortium's code of ethics, according to the announcement.

Consortium officials said that W. Hord Tipton, chief information officer at the Interior Department, and Jane Scott Norris, chief information security officer at the State Department, were in the first group who passed the CAP exam. State’s security experts helped (ISC)2 develop the certification exam.

To maintain their CAP credential, security employees must earn 60 hours of continuing education credits every three years, pay annual maintenance fees and abide by the consortium's code of ethics, (ISC)2 officials said.