DoD Directive 8570.1


GOVERNMENT

SAFEGUARDING THE ENTERPRISE FROM THE INSIDE OUT


Governments manufacture more data than anyone in the world, ranging from citizens' records (e.g.,
Social Security numbers) and proprietary data to military and national security information. The
responsibility to maintain and protect these information assets represents one of the most difficult
challenges today.
Government information security professionals are often the last line of defense against the theft and illegal
use of this important data, which is why it is crucial to employ qualified, knowledgeable personnel. The most
effective way to verify expertise, skills and ability within the practice of information security is through education
and certification. (ISC)2 is helping governments at all levels around the world do just that.
(ISC)2 is the world leader in educating and certifying information and software security professionals, offering the
Gold Standard in information security credentials which are now held by nearly 100,000 professionals worldwide.

DoD Directive 8570.1


In today's environment of emerging security threats, the U.S. Department of Defense (DoD) has recognized the critical
need for highly-qualified, experienced information assurance personnel. To ensure a knowledgeable and skilled workforce
the DoD has taken the necessary steps to develop a directive that involves the credentialing and continuing education of
all DoD employees with privileged access to DoD information systems.
Under the 8570 Mandate, all personnel with privileged access to DoD systems must obtain an ANSI-approved commercial
certification. (ISC)2 was the first organization to receive ANSI accreditation under ISO/IEC Standard 17024 for its CISSP
certification. For a comprehensive overview of the DoD Directive 8570.1, please refer to www.isc2.org/dodmandate.
Below is a classification grid which provides guidance for assessing the proper certification commensurate with your
job responsibilities.

IAT Level I: A+, Network+, SSCP
IAT Level II: GSEC, Security+, SSCP
IAT Level III: CASP, CISA, CISSP (or Associate), GCED, GCIH

IAM Level I: CAP, GSLC, Security+
IAM Level II: CAP, CASP, CISM, CISSP (or Associate), GSLC
IAM Level III: GSLC, CISM, CISSP (or Associate)

IASAE I: CASP, CISSP (or Associate), CSSLP
IASAE II: CASP, CISSP (or Associate), CSSLP
IASAE III: CISSP-ISSAP, CISSP-ISSEP

CND Analyst: CEH, GCIA, GCIH
CND Infrastructure Support: CEH, SSCP
CND Incident Responder: CEH, CSIH, GCFA, GCIH
CND Auditor: CEH, CISA, GSNA
CND-SP Manager: CISM, CISSP-ISSMP

DoD 8570.01-M, Table AP3.T2. DoD Approved Baseline Certifications

ADVANCE YOUR CAREER WITH (ISC)2 CERTIFICATIONS
Whether you are a hands-on practical type, or plan to pursue a managerial or governance position,
(ISC)2 has a globally recognized credential that will help expand your career opportunities. Learn
which certification is right for your career goals.

CISSP (Certified Information Systems Security Professional)


CISSPs are information security leaders who possess the breadth of knowledge, skills, and
experience required to credibly build and manage the security posture of an organization.
CISSPs are the trusted advisors whose expertise plays a critical role in helping organizations
integrate stronger security protocols and protect against threats in an increasingly complex
cyber security landscape. The CISSP is the Gold Standard information security certification and was the first
credential in the field of information security, accredited by ANSI to ISO/IEC Standard 17024:2003.
For the CISSP certification, a candidate is required to have a minimum of five years of cumulative paid full-time work
experience in two or more of the ten domains of the CISSP Common Body of Knowledge (CBK). Candidates may
receive a one-year experience waiver with a four-year college degree, or regional equivalent, OR an additional credential
from the (ISC)2 approved list. www.isc2.org/cissp

CISSP Concentrations
CISSP Concentrations provide a career path that opens up new opportunities in more demanding
roles in larger enterprises and recognize the specialized talents of a CISSP. These credentials allow
CISSPs to concentrate in the functional areas of architecture, engineering and management.
CISSP-ISSAP (Information Systems Security Architecture Professional): CISSP-ISSAPs specialize in designing
security solutions and providing management with risk-based guidance to meet organizational goals.
CISSP-ISSEP (Information Systems Security Engineering Professional): CISSP-ISSEPs specialize in the practical
application of systems engineering principles and processes to develop secure systems. This credential was developed
in conjunction with the U.S. National Security Agency.
CISSP-ISSMP (Information Systems Security Management Professional): CISSP-ISSMPs specialize in establishing,
presenting and governing information security programs and demonstrate management and leadership skills.
To qualify for a CISSP Concentration you must maintain your CISSP credential in good standing and must have two years of
experience specific to the concentration. www.isc2.org/concentrations

SSCP (Systems Security Certified Practitioner)


SSCPs continuously monitor information systems to safeguard against security threats and have
the knowledge to apply security concepts, tools and procedures to react to security incidents.
These practitioners possess the technical knowledge and hands-on experience to implement an
organization's information security policies and procedures.
For the SSCP certification, a candidate is required to have a minimum of one year of cumulative paid full-time work
experience in one or more of the seven domains of the SSCP CBK. www.isc2.org/sscp

CAP (Certified Authorization Professional)


CAP applies to those responsible for formalizing processes used to assess
risk and establish security requirements and documentation. Their decisions
will ensure that information systems possess security commensurate with the
level of exposure to potential risk, as well as damage to assets or individuals.
For the CAP certification, a candidate is required to have a minimum of two years of cumulative paid
full-time work experience in information systems security authorization. www.isc2.org/cap

CSSLP (Certified Secure Software Lifecycle Professional)


CSSLPs build hacker resilient software and provide assurance that they have the expertise to
incorporate security practices (authentication, authorization and auditing) into each phase
of the software development lifecycle, from software design and implementation to testing and
deployment.
For the CSSLP certification, a candidate is required to have a minimum of four years of cumulative paid full-time work
experience in the software development lifecycle (SDLC) in one or more of the eight domains of the (ISC)2 CSSLP CBK
or three years of recent work experience with a four-year college degree, or regional equivalent in Computer Science,
Information Technology (IT) or related fields. www.isc2.org/csslp

CCFP℠ (Certified Cyber Forensics Professional)


CCFPs are digital forensic professionals with expertise in forensics techniques and procedures, standards
of practice, and legal and ethical principles to assure accurate, complete and reliable digital evidence
admissible to a court of law. They have the most up-to-date skills needed to support information security
activities, including e-discovery, malware analysis, incident response and more.
For the CCFP certification, a candidate is required to have a four-year college degree leading to a Baccalaureate, or regional
equivalent, plus three years of cumulative paid full-time digital forensics or IT security experience in three out of the six
domains of the credential. www.isc2.org/ccfp

HCISPP℠ (HealthCare Information Security and Privacy Practitioner)


HCISPPs provide the frontline defense in protecting health information. These practitioners have the
foundational knowledge and experience to unite healthcare information security and privacy best
practices and techniques to protect organizations and sensitive patient data against emerging threats
and breaches.
For the HCISPP certification, candidates must have a minimum of two years of cumulative paid full-time work experience
in one domain of the credential that includes security, compliance and privacy. One of the two years of experience
must be in healthcare. www.isc2.org/hcispp

Associate of (ISC)2
Associate of (ISC)2 status is available to those knowledgeable in key areas of industry concepts but lacking the
work experience. As a candidate, you may successfully pass the CISSP, SSCP, CAP, CSSLP, CCFP or HCISPP
examination and subscribe to the (ISC)2 Code of Ethics; however, to earn the credential you will have to
acquire the necessary years of pertinent work experience, provide proof and be endorsed by a member
of (ISC)2 in good standing. www.isc2.org/associates

OFFICIAL (ISC)2 TRAINING


Training Straight from the Source
As the creator and caretaker of the CBK, (ISC)2 is uniquely qualified to bring you a comprehensive CBK Training Seminar to help
you thoroughly understand your security knowledge.
Prepared by credential holders and conducted by (ISC)2 Authorized Instructors, each of whom is highly knowledgeable about the latest
information security-related developments and a proven expert in the credential-specific domains, the Official (ISC)2 CBK Training
Seminars are the most comprehensive, complete review of information systems security concepts and industry best practices. This is
why it is the only training endorsed by (ISC)2.
Official (ISC)2 CBK Training Seminars are available in three convenient formats:
Live OnLine
Classroom
Private On-Site

(ISC)2 Official Training Providers


Official (ISC)2 CBK Training Seminars are available throughout the world at (ISC)2 facilities and through (ISC)2
Official Training Providers. Official (ISC)2 CBK Training Seminars are conducted only by (ISC)2 Authorized
Instructors who are experts in their field and have demonstrated their mastery of the covered domains.

Voucher Program
(ISC)2 offers a cost-effective, pre-negotiated voucher program that
gives agencies the opportunity to purchase seats for (ISC)2 CBK Training Seminars and examinations in bulk. The more you buy, the more you
save throughout the country and around the world.

GI Bill
As a U.S. veteran, you can take advantage of the Post-9/11 GI Bill to
get certified by (ISC)2. Financial support is provided by the GI Bill to
cover the cost of certification, and (ISC)2 accepts VA reimbursements
for exams.

ADDITIONAL RESOURCES
Official DoD Directive FAQs
www.isc2.org/dodmandate
(ISC)2 Official Training Providers
www.isc2.org/EducationAffiliates.aspx
(ISC)2 Voucher Program
www.isc2.org/voucher
U.S. Department of Veterans Affairs - G.I. Bill
www.gibill.va.gov

Formed in 1989 and celebrating its 25th anniversary, (ISC)2 is the largest not-for-profit membership body of certified
information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries.
Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and
related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), the Certified Cyber Forensics
Professional (CCFP℠), Certified Authorization Professional (CAP), HealthCare Information Security and Privacy Practitioner
(HCISPP℠), and Systems Security Certified Practitioner (SSCP) credentials to qualifying candidates. (ISC)2's certifications
are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a
global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its
CBK, a compendium of information and software security topics. More information is available at www.isc2.org.

TUITION SAVINGS TIPS

Be wary of training providers that are not authorized by (ISC)2. Be certain that your educator carries the (ISC)2
Official Training Provider logo to ensure that you are experiencing the best and most current programs available.

© 2014 International Information Systems Security Certification Consortium, Inc. All Rights Reserved.

GOV.0
(02/14)
