By Florence Olsen
Sep. 8, 2005
The International Information Systems Security Certification
Consortium (ISC)2 has begun certifying government employees for a
professional certification and accreditation (C&A) credential that it
developed in cooperation with the State Department.
Consortium officials said the new credential is timely because all
federal agencies must certify and accredit major information systems
and applications under the Federal Information Security Management Act
(FISMA). "We felt the time was right for (ISC)2 to develop a
credential to support it," said Rolf Moulton, president and interim
chief executive officer of the consortium, a nonprofit group that
certifies information security employees.
Security experts devised the C&A process to ensure that information
systems are reasonably secure given the risks to which they are
exposed. FISMA requires federal agencies to perform C&A on information
systems every three years or whenever systems are significantly
To qualify for the Certification and Accreditation Professional (CAP)
credential, a person must have two years of direct experience doing
C&A work. The person must also pass a CAP exam and subscribe to the
consortium's code of ethics, according to the announcement.
Consortium officials said that W. Hord Tipton, chief information
officer at the Interior Department, and Jane Scott Norris, chief
information security officer at the State Department, were in the
first group who passed the CAP exam. State's security experts helped
(ISC)2 develop the certification exam.
To maintain their CAP credential, security employees must earn 60
hours of continuing education credits every three years, pay annual
maintenance fees and abide by the consortium's code of ethics, (ISC)2
Sept 16-18th, 2005
San Diego, California