Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
SCA BOK
Frequently Asked Questions

Get the answers you need.

Common questions about CSCAP and CSCAA certifications, payment, validity periods, niche focus, and how SCA aligns with NIST SSDF and EO 14028.

Browse Questions
Categories

Find answers quickly.

Jump to the category that matches your question.

Certifications

CSCAP & CSCAA

Validity periods, certificate delivery, and the scope of individual certifications.

Payment & Billing

How to pay

Credit card, debit, ACH, and offline invoicing for organizations purchasing testing vouchers.

SCA Positioning

Why SCA, why now

Niche focus, NIST SSDF alignment, and immediate response to EO 14028 mandates.

Certifications

CSCAP & CSCAA basics.

How long are the CSCAP and CSCAA certifications valid?

Both the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) certifications are valid for a period of three (3) years.

How is my certificate delivered?

We leverage Accredible, so when an applicant passes an exam, their certificate is available right away.

This allows the certificate holder to have a PDF version that they can share, print out, or even use Accredible's capabilities to promote the certification accomplishment on LinkedIn, Twitter, etc.

Payment & Billing

How payment works.

What payment methods do you accept?

We leverage Stripe so you can pay via credit card, debit card or ACH.

Can my organization pay by invoice for multiple applicants?

For organizations that want to use invoicing to pay for one or more applicants, we will offer offline invoicing capabilities to issue testing vouchers.

Contact us for more details on that method of payment.

SCA Positioning

Why SCA, why now.

What niche need do CSCAP and CSCAA address?

The Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) certifications are focused on a niche need: these certifications demonstrate a level of competence necessary to ensure that the security of an organization's applications, services, and processes are designed, implemented, and maintained according to Secure Software Design Principles (SSDP).

How does SCA align with NIST best practices?

SCA leverages the latest “best practices” from NIST on SSDP and its Secure Software Development Framework (SSDF).

Does SCA help with Executive Order (EO) 14028 compliance?

Yes — SCA addresses an immediate need to demonstrate SSDP from Executive Order (EO) 14028.

The CSCAP and CSCAA are evidence you can use to demonstrate competence and even compliance with requirements from EO 14028 for Secure Software Development Practices.

Still have questions?

We strive to respond to your Secure Software Development Practices (SSDP) certification inquiries as quickly as possible. Be clear and concise with your question — that helps speed up answering.

Contact the SCA TeamRead the SCA-BoK