(ISC)2® Evolves Name, Structure of CAP® Credential to Reflect New NIST Guidance
Core Credential Remains as Professional Certification that Affirms Expertise in Certifying and Evaluating Systems
PALM HARBOR, Fla., May 27 /PRNewswire/ -- (ISC)2® ("(ISC)2-squared"), the largest not-for-profit membership body of certified information security professionals worldwide with nearly 70,000 members in more than 135 countries, today announced that it has updated both the name and structure of its Certification and Accreditation Professional (CAP®) credential to reflect the new nomenclature contained in the latest draft of the National Institute of Standards and Technology's SP800-37 publication: "Guide for Applying the Risk Management Framework to Federal Information Systems." Effective immediately, the new credential will be known as the "Certified Authorization Professional (CAP)".
In addition to the name change, in an effort to map to the new NIST approach, (ISC)2 has evolved the four domains of its CAP credential into seven. The new CAP remains the same at its core but places a stronger emphasis on the underlying methodologies and processes associated with the harmonized security authorization process, including continuous monitoring. The domain updates will take effect in November 2010.
"(ISC)2 routinely reviews all of its credentials to ensure that they adhere fully to the current regulatory environment and security culture," explained W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2, former CIO of the U.S. Department of Interior and one of the first in the federal government to certify an information system. "We felt it critical to update the name and domains of CAP to align with current requirements, technology and thinking."
For existing CAP-holders, nothing will change, Tipton stated. "The CAP designation will continue to validate that the credential holder can see the bigger picture and assure that all components of system security are in place in order to achieve the fundamental goal of security compliance with sufficient controls and monitoring. Someone must be accountable throughout the lifecycle of the system," said Tipton.
The original four CAP domains or phases were preparation, certification, execution and continuous monitoring. The seven new domains are:
1) Understanding the Security Authorization of Information Systems (formerly known as Certification and Accreditation)
2) Categorize Information Systems (formerly part of the Preparation Phase)
3) Establish the Security Control Baseline (formerly part of the Preparation Phase)
4) Apply Security Controls (formerly part of the Preparation Phase)
5) Assess Security Controls (known previously as the Certification Phase)
6) Authorize Information System (known previously as the Execution Phase)
7) Monitor Security Controls (also known as Continuous Monitoring)
Tipton noted that the new NIST guidance outlines the integral role that continuous monitoring plays in the risk framework but also stresses that monitoring security controls is only one piece of a larger, integrated process. "The new NIST guidance reemphasizes the reality that all other critical system requirements must be in place in order to achieve complete security compliance."
For this reason, Tipton added, "A CAP-holder fully understands the entirety of the systems security authorization lifecycle - not just one technical piece of it."
For frequently asked questions on the CAP changes, please visit http://www.isc2.org/cap-change-faqs.aspx. To obtain a Candidate Information Bulletin, please visit www.isc2.org/cap. To view CAP educational materials, visit www.isc2.org/caprevsem.
About (ISC)2
(ISC)2 is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 70,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®) and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)2's certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at www.isc2.org.
© 2010, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)2, Inc.
Follow (ISC)2 on Twitter and YouTube.
SOURCE (ISC)2