DOD approves new credentials for security professionals

The Defense Department has approved new credentials for information security professionals. The directive is expected to result in more than 100,000 personnel obtaining professional credentials.

DOD approved the (ISC) 2 Certification and Accreditation Professional (CAP), which requires that all DOD information assurance workers obtain a professional certification accredited under the global ANSI/ISO/IEC Standard 17024.

CAP certifies that the holder has in-depth knowledge of Certification and Accreditation, a formalized process for assessing IS risks and security requirements and ensuring that the systems have adequate security in place.

DOD and the National Institute of Standards and Technology are jointly trying to create a single C&A process across the government. CAP is undergoing changes to comply with the new C&A requirements, which go into effect  March 2010.

(ISC)2 is a global not-for-profit education and certifying organization for information security professionals. The organization has other certifications approved for use under the directive, including the Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP).

It also provides certifications for several concentrations of the CISSP, including the Information Systems Security Engineering Professional (ISSEP), the Information Systems Security Architecture Professional (ISSAP); and the Information Security Systems Management Professional (ISSMP).

In addition, recently NIST released a draft contingency planning guide for federal information systems, draft SP 800-34, Revision 1, for public comment. The draft is an upgrade to the original guide published in 2002. Comments are due by Jan. 6, 2010.