
The CISSP receives international standardization

The security professional credential got a big boost today when it became part of ISO/IEC 17024.

The Certified Information Systems Security Professional became a more coveted credential today after its governing body announced the CISSP received accreditation under ISO/IEC 17024.

It's the first IT program to earn such accreditation under this personnel-oriented standard from the International Organization for Standardization and the American National Standards Institute, according to James Duffy, executive director of the International Information Systems Security Certification Consortium (ISC)2.

Duffy said the CISSP, which (ISC)2 has administered for the past decade, is now closer to becoming the global gold standard in information security. "Educated, qualified and certified information security professionals are the key to protecting the critical infrastructure on which businesses and governments around the world operate," he said in a statement.

The development also signals that information security ranks are starting to solidify as a true specialty within IT. Practitioners now have a goal to obtain for advancement, and companies can add the credential to hiring criteria, if they choose.

U.S. government leaders like Rep. Adam Putnam (R-Fla.), who chairs a prominent House subcommittee on technology, lauded the new accreditation as a way to encourage more federal employees to obtain IT security certification. So far, about 3,500 of the 28,000 holding a CISSP work for Uncle Sam.

The subcommittee's staff director, Bob Dix, said at a press conference in Washington, D.C., that the ISO/IEC 17024 inclusion should motivate more security professionals to seek the CISSP, thus strengthening security at both public and private enterprises. "We need … to encourage, incentivize and motivate folks to go in that direction," he said.

To receive certification, a security professional must have at least four years' experience and pass a six-hour exam in 10 areas. Employees must abide by a code of ethics and undergo 120 hours of professional training triennially to maintain the credential.

Former White House cybersecurity czar Howard Schmidt hailed the news as a "major deal" for the federal government, whose national cybersecurity strategy called for such global accreditation. He also said it will be a big boost for enterprise security programs that hire CISSPs -- and those that use their services.

"They'll know, when there are shops that are ISO 17024, that there's a minimum qualification that's been met with their professionals," said Schmidt, who now is in charge of information security for online auction company eBay.
