DoD DIRECTIVE 8570.1
FACE THE DOD 8570.1 MANDATE HEAD-ON WITH MEMBERS

Cyberspace is the new battlefield, where commercial and DoD assets have become virtual targets for our adversaries. The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals.

Under the 8570 Mandate, all personnel with “privileged access” to DoD systems must obtain an ANSI-approved commercial certification. (ISC)2® was the first organization to receive ANSI accreditation under ISO/IEC Standard 17024 for its CISSP® certification, and has since received accreditation for each of its credentials. For a comprehensive overview of the DoD Directive 8570.1, please refer to www.isc2.org/dodmandate.

Matching Classifications with the Certifications

In order to determine which certification is relevant, a classification grid has been constructed to pinpoint what duties the individual fulfills and what certifications are appropriate for their specific job function. The grid below provides guidance for assessing the proper certification commensurate with personnel job responsibilities.

DoD 8570.01-M, Table AP3.T2. DoD Approved Baseline Certifications

MEMBERS BECOMING 8570.1 COMPLIANT AND BEYOND

(ISC)2® spans the 8570 grid with its award-winning certifications that qualify personnel in multiple categories. (ISC)2 certifications offer an unrivaled flexibility, providing DoD personnel with 8570 compliance and a globally recognized standard of qualification that will expand their future career opportunities. Don’t get pigeon-holed with a certification good for only one job classification. Become part of the (ISC)2 family and achieve a credential that allows for and encourages upward mobility like the SSCP®, CAP® and the CISSP®.

SSCP (Systems Security Certified Practitioner)

The SSCP is a hands-on practitioner whose focus is on the technical aspects of information security. SSCPs design, implement and administer information systems in compliance with stated policies. The SSCP CBK® is comprised of seven domains pertaining to real-life areas of expertise in this ever-changing field of information security.

• Requirements
  o Minimum of one year of experience
  o Pass a stringent three-hour exam and go through an endorsement process
  o 60 CPE credits are required every three years to maintain certification

A complete overview of the (ISC)2 SSCP can be found at www.isc2.org/sscp.

CAP (Certified Authorization Professional)

CAP applies to those responsible for formalizing processes that assess risk and establish security requirements. They ensure that information systems possess security commensurate with the level of exposure to potential risk and damage to assets or individuals. The CAP credential allows for this authority. The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing on the four domains that comprise the CAP CBK, a compendium of information security topics in: Understand the Purpose of Security Authorization, Initiate Preparation Phase, Perform Execution Phase and Perform Maintenance Phase (continuous monitoring).

• Requirements
  o Minimum of two years of experience
  o Pass a stringent three-hour exam and go through an endorsement process
  o 60 CPE credits are required every three years to maintain certification

A complete overview of the (ISC)2 CAP can be found at www.isc2.org/cap.

CISSP (Certified Information Systems Security Professional)

CISSP is the “Gold Standard” information security certification and was the first credential in the field of information security, accredited by ANSI to ISO/IEC Standard 17024:2003.
A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The vast breadth of knowledge and the experience it takes to pass the exam is what sets a CISSP apart.

• Requirements
  o Minimum of four years of experience with a degree or waiver – or five years without
  o Pass a stringent six-hour exam and go through an endorsement process
  o 120 CPE credits are required every three years to maintain certification

A complete overview of the (ISC)2 CISSP can be found at www.isc2.org/cissp.

CISSP® Concentrations

(ISC)2® developed a set of credentials beyond the CISSP, providing a career path that opens up new opportunities for members, such as more demanding roles in larger enterprises and recognition of specialized talents and skill sets. (ISC)2’s three CISSP Concentrations operate in the disciplines of architecture, engineering and management, and also comply with DoD 8570.1.

• CISSP Concentrations
  o CISSP-ISSAP®: For the architect who generally develops, designs, or analyzes the overall security plan, playing a key role between the C-suite and upper management.
  o CISSP-ISSEP®: Developed in conjunction with the U.S. National Security Agency and created for the lead systems engineer who is incorporating security into projects, applications, business processes and information systems.
  o CISSP-ISSMP®: For CISSPs who examine information security management on a larger, enterprise-wide security model.
• Requirements
  o Minimum of two years of experience specific to the concentration
  o Pass a stringent three-hour exam and go through an endorsement process
  o 120 CPE credits with 20 specific to the concentration are required every three years

To learn more about the CISSP Concentrations, visit www.isc2.org/concentrations.

Associate of (ISC)2

The Associate of (ISC)2 is available to those who are knowledgeable in key areas of industry concepts but lack the work experience.
Candidates may take the SSCP®, CAP® or CISSP examination and subscribe to the (ISC)2 Code of Ethics to earn the Associate status. Once the required experience is gained, the Associate can then be endorsed and receive the certification.

• Associate of (ISC)2 for SSCP
  o Maximum of two years from the exam pass date to acquire the necessary professional experience
  o Pass the three-hour SSCP exam
  o 10 CPE credits are required every year
• Associate of (ISC)2 for CAP
  o Maximum of three years from the exam pass date to acquire the necessary professional experience
  o Pass the three-hour CAP exam
  o 10 CPE credits are required every year
• Associate of (ISC)2 for CISSP
  o Maximum of six years from the exam pass date to acquire the necessary professional experience
  o Pass the six-hour CISSP exam
  o 20 CPE credits are required every year

For more information on the Associate program, please visit www.isc2.org/associates.

MEMBERS GO DIRECTLY TO THE SOURCE

(ISC)2® brings you the best information security education. Together with its affiliates, (ISC)2 provides internationally recognized review seminars and educates thousands of security professionals annually. Only (ISC)2 and its affiliates use (ISC)2 Authorized Instructors and the most current courseware. Together, that means you get the highest quality education available from the proven best in the industry — a claim that no other education provider can make. Look for the (ISC)2 Authorized Provider logo to ensure you are experiencing the best and most current programs available.

Education Delivered Your Way

SC Magazine has recognized (ISC)2 as the 2006, 2007 and 2011 winner of the Best Professional Training Program as well as the 2008 and 2010 winner of the Best Professional Certification Program. But setting all recognition aside, (ISC)2 offers a wide, comprehensive range of quality, high-level educational opportunities, making us the best choice for DoD 8570.1 compliance and beyond.

To help you thoroughly review and refresh your information security knowledge before pursuing (ISC)2 credentials, (ISC)2 offers CBK® Review Seminars via classroom or online.

In addition to the G.I. Bill, through which veterans are reimbursed for the cost of education and certification, (ISC)2 offers a cost-effective, pre-negotiated voucher program that gives agencies the opportunity to purchase seats for (ISC)2 CBK Review Seminars and examinations in bulk. The more you buy, the more you save throughout the country and around the world. For a full explanation of the Voucher Program, visit www.isc2.org/vouchers.

(ISC)2 and its affiliates offer 8570 packages that can be customized to meet a variety of education needs. Program offerings include textbooks, online education, instructor-led seminars and continuing education opportunities. (ISC)2 and its partners have sliding scale pricing options based on volume. For education pricing inquiries, please contact (ISC)2 Government Services at [email protected] or 1.866.462.4777.

ADDITIONAL RESOURCES

Education Support to the DoD (Dantes Program) - www.isc2.org/dantes
Official DoD Directive FAQs - www.isc2.org/8570faqs
Official (ISC)2 Authorized Education Providers - www.isc2.org/aep
Reagan Systems GSA Schedule - www.isc2.org/reagangsa
U.S. Department of Veterans Affairs - G.I. Bill - www.gibill.va.gov

(ISC)2 is the largest not-for-profit membership body of certified information security professionals worldwide, with more than 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates.
(ISC)2’s certifications were among the first information security credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at www.isc2.org.

Tuition Saving Tips on (ISC)² Education and Examinations

© 2011 International Information Systems Security Certification Consortium, Inc. All Rights Reserved.

These seminars are conducted by (ISC)2 Authorized Instructors who are up-to-date on the latest information security-related developments and are experts in credential-specific domains. (ISC)2’s official CBK textbooks provide the latest in information security knowledge, detailed insight into the domains and provide sample questions. And to determine your readiness for taking the exam, (ISC)2 also offers studISCope, an online self-assessment tool that lets you see where you stand on the information security learning curve. It provides an actual simulation of the certification exam situation, and will pinpoint your domain knowledge level. For more on (ISC)2’s education programs, visit www.isc2.org/education.

DOD.0 (12/11)