Press Releases

Unedited news and product information from vendors.

(ISC)2 (R)'s Certification and Accreditation Professional (CAP(R)) Credential Qualifies for Use Under U.S. Department of Defense (DoD) 8570.1 Mandate
Oct 28, 2009 (12:10 PM EDT)

PALM HARBOR, Fla., Oct. 28 /PRNewswire/ -- (ISC)2((R)) ("ISC-squared"), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, today announced that its Certification and Accreditation Professional (CAP((R))) credential has been approved by the U.S. Department of Defense (DoD) to meet the criteria of Directive 8570.1. This mandate requires that all DoD information assurance workers obtain a professional certification accredited under the global ANSI/ISO/IEC Standard 17024 and is expected to result in more than 100,000 personnel receiving their professional credentials.

The CAP is designed to illustrate that a certification holder has in-depth knowledge of Certification and Accreditation (C&A), a formalized process used to assess the risk and security requirements of an information system and to ensure that those information systems have adequate security commensurate with the level of risk involved.

"The federal government has recognized that the C&A process is critical to improving its information security posture and that there is a need to develop a single process across government. The Defense Department and intelligence agencies are currently working with the National Institute of Standards and Technology (NIST) to harmonize their C&A processes to create a unified approach," explains Lynn McNulty, CISSP, director of government affairs for (ISC)(2). "In adding the CAP credential for use under the 8570 mandate, the DoD has recognized that it will be important to have specialists with an in-depth knowledge of the current and future C&A processes."

In anticipation of a harmonized process, the CAP review and certification test is undergoing changes to comply with the new C&A requirements. Effective March 2010, the CAP CBK((R)) domains--in addition to its current requirements--will necessitate an understanding of the purpose of security authorization and the initiation and preparation phase; the ability to perform the execution phase of the accreditation process; and the ability to perform continuous monitoring during the maintenance phase.

(ISC)2 has several other certifications already approved for use under DoD Directive 8570.1. They are as follows: The Certified Information Systems Security Professional (CISSP((R))); the Systems Security Certified Practitioner (SSCP((R))); concentrations of the CISSP, which are the Information Systems Security Engineering Professional (ISSEP((R))), the Information Systems Security Architecture Professional (ISSAP((R))); and the Information Security Systems Management Professional (ISSMP((R))) and also includes the Associate of (ISC)2 programs for those individuals working toward their certification who do not yet possess the required level of professional experience.

(ISC)2((R)) is the globally recognized HASH(0x12dce00) for certifying information security professionals. Founded in 1989, (ISC)2 has certified nearly 66,000 information security professionals in over 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certification and Accreditation Professional (CAP), Systems Security Certified Practitioner (SSCP), and Certified Secure Software Lifecycle Professional (CSSLP((cm))) credentials to those meeting necessary competency requirements. (ISC)2 certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2's CBK((R)), a compendium of information security topics, and is responsible for the (ISC)2 Global Information Security Workforce Study. More information is available at .

(C) 2009, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, and CAP, SSCP and CBK are registered marks and CSSLP is a service mark of (ISC)2, Inc.

CONTACT: Courtney Jewell of Extension Group, +1-703-234-7815,

Web site: