(ISC)² Security Transcends Technology



Courtney Jewell Beveridge
Extension Group
(703) 234-7815

(ISC)2®’s Certified Secure Software Lifecycle Professional (CSSLP) Certification Qualifies for Use Under U.S. Department of Defense (DoD) 8570.1 Mandate
CSSLP Credential Becomes the Latest (ISC)2 Certification To Meet Stringent Requirements of DoD’s Information Assurance Workforce Improvement Program

CLEARWATER, Fla., U.S.A., September 27, 2013 – (ISC)2® (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrators of the CISSP®, today announced that its Certified Secure Software Lifecycle Professional (CSSLP®) credential has been approved by the U.S. Department of Defense (DoD) to meet the criteria of Directive 8570.1M This mandate requires that all DoD information assurance workers obtain a professional certification accredited under the global ANSI/ISO/IEC Standard 17024.

The CSSLP is designed to validate a candidate’s competency in application security within the entire Software Development Life Cycle (SDLC) from requirements-gathering to coding, testing, releasing and maintaining secure software, including supply chain and software acquisition. Candidates seeking the CSSLP are those professionals involved in the SDLC with at least 4 years' experience. The CSSLP was approved for DoD Information Assurance System Architect and Engineer Levels I and II positions.

“Respondents of the (ISC)2 2013 Global Information Security Workforce Study identified application vulnerabilities as the number one security concern among information security professionals,” said W. Hord Tipton, CISSP, executive director of (ISC)² and former CIO of the U.S. Department of Interior. “By adding the CSSLP credential for use under the 8570 mandate, the DoD is taking one more step to address this concern and helping to decrease the significant skills gap that is proving to negatively impact the security of our nation’s systems.”

After receiving accreditation under the global ANSI/ISO/IEC Standard 17024, the CSSLP credential underwent an intensive evaluation by a DoD-contracted, independent third-party firm that presented the credential for approval to the Information Assurance (IA) Workforce Improvement Program Advisory Council Certification Committee. Effective immediately, both DoD personnel and its contractors involved in SDLC will be able to pursue the CSSLP certification under the 8570.1M.

The CSSLP is one of many (ISC)2 certifications that have received approval for use under DoD Directive 8570.1M. Other approved (ISC)2 credentials include: The Certified Information Systems Security Professional (CISSP®); the Systems Security Certified Practitioner (SSCP®); concentrations of the CISSP, which are the Information Systems Security Engineering Professional (ISSEP®), the Information Systems Security Architecture Professional (ISSAP®); the Information Security Systems Management Professional (ISSMP®); the Certified Authorization Professional (CAP®) credential and the Associate of (ISC)² programs for those individuals working toward their certification who do not yet possess the required level of professional experience. For more information about (ISC)2 credentials certified for use under DoD Directive 8570.1M, please visit https://www.isc2.org/dodmandate/default.aspx.




About (ISC)²®
(ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 90,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFPSM), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²'s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at www.isc2.org

# # # 

© 2013, (ISC)² Inc., (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks, and the CCFP is a service mark, of (ISC)², Inc.

 Follow (ISC)² on Facebook, Twitter and YouTube.