Secure Controls Framework
About the Secure Code Alliance

Improve awareness of, and adherence to, Secure Software Development Practices (SSDP).

The SCA's mission is to improve awareness of, and adherence to, SSDP by application developers and architects by operating a conformity assessment methodology that spans design, development, and maintenance.

✓ Personnel Certification Body
✓ Voluntary Consensus Standards
Our Mission

A conformity assessment methodology for secure development.

The SCA's mission is to improve awareness of, and adherence to, SSDP by application developers and architects by operating a conformity assessment methodology that:

  • Spans the design, development and maintenance of applications, services and processes;
  • Educates applicants by reinforcing reasonably-expected security and privacy principles, based on voluntary consensus standards that take developer-specific, industry-recognized practices into account; and
  • Leverages an online platform to test applicants on subject matter expertise, awarding the applicant a Certificate of Conformity (CoC) on achieving a passing score.

The methodology is designed with these concepts in mind:

  • Identify the basics of the SSDP discipline in terms of its principles, concepts and activities; and
  • Foster a common mindset for delivering secure applications, services and processes, regardless of their purpose, type, scope, size, complexity, or stage in the SDLC.
Our Vision

Adequate security & privacy throughout the SDLC.

The SCA's vision is that organizations in all industries ensure that the development of applications, services and processes employs adequate security and privacy measures throughout the Software/System Development Life Cycle (SDLC), so that security- and privacy-related risks are identified and remediated appropriately.

What the SCA Does

Certify individuals for competency.

As a personnel certification body, the SCA determines if an applicant fulfils certification requirements. Each applicant's subject matter expertise on selected voluntary consensus standards is tested to determine if an acceptable level of competency is met.

CSCAP

Certified SCA Practitioner

Designed for developer roles. Demonstrates practitioner-level competency on Secure Software Development Practices.

CSCAA

Certified SCA Architect

Designed for application architecture roles. Demonstrates architect-level competency on cyber-resiliency constructs and lifecycle processes.


SCA certifications:

  • Are a public declaration that an individual has passed an examination and otherwise met specified criteria, demonstrating the competencies necessary to perform the role and responsibilities of a specific occupation;
  • Must be renewed, to confirm that the individual continues to possess the competencies the job requires; and
  • May require ongoing education, assessment, experience, or a combination of these, for renewal.
The DSPD Initiative

Developing Security & Privacy by Design.

The SCA's conformity assessment is the Developing Security & Privacy by Design (DSPD) initiative. The DSPD is an effort to promote transdisciplinary competency for developers to deliver trustworthy Applications, Services and Processes (ASP).

The DSPD initiative is focused on developing a conformity assessment methodology that addresses:

  • Practitioner-level competency among developers; and
  • Architect-level competency for application architecture roles.

This concept of competency is focused on a practitioner's or architect's ability to:

  • Work with stakeholders to ensure that security objectives, protection needs/concerns, security requirements and associated validation methods are defined;
  • Define security and privacy requirements, including associated verification methods;
  • Develop security views and viewpoints of the system architecture and design;
  • Identify and assess susceptibilities and vulnerabilities to lifecycle hazards and adversities;
  • Design proactive and reactive features and functions encompassed within a balanced strategy to control asset loss and associated loss consequences;
  • Provide security considerations to inform systems engineering efforts with the objective to reduce errors, flaws and weaknesses that may constitute a security vulnerability;
  • Perform system security analyses and interpret the results of system security-relevant analyses in support of decision-making for engineering trades and risk management;
  • Identify, quantify and evaluate the costs and benefits of security features and functions.
How Testing Works

100 multiple-choice questions, online.

The DSPD initiative's conformity assessment leverages an online platform to test applicants on subject matter expertise.

/ EXAM SIZE

100 multiple-choice questions

A set of one hundred (100) multiple-choice questions, delivered online.

/ QUESTION TYPES

Three principal question types

The DSPD uses three (3) general types of test questions, each tied to a principal area of focus, when constructing the examination.

/ CERTIFICATION BODY

Personnel certification body

As a personnel certification body, the SCA determines if an applicant fulfils certification requirements based on tested subject matter expertise.

/ STANDARDS BASIS

Voluntary consensus standards

Each applicant's subject matter expertise on selected voluntary consensus standards is tested to determine if an acceptable level of competency is met.