SCA Architect
Certified SCA Architect (CSCAA) Testing Process
As a software architect, are you able to legitimately demonstrate Secure Software Development Practices (SSDP) expertise? The Certified SCA Architect (CSCAA) is an individual certification that is intended to provide you with objective evidence of your SSDP skills to employers, clients and other stakeholders that rely on you to architect and maintain secure applications and systems.
The Certified SCA Architect (CSCAA) certification leverages an online platform to test applicants on subject matter expertise and awards the applicant a certification upon successfully passing a knowledge exam.
Certified SCA Architect (CSCAA)
- Cost: $500.00 (USD)
- # Questions: Seventy-Five (75)
- Pass Criteria: Seventy-Five Percent (75%)
- Certification Validity: Three (3) years
- Scope: SCA Body of Knowledge (SCA BoK) (general, practitioner and architect-specific material)
- Registration URL: https://training.securecontrolsframework.com/products/courses/sca-architect
- Delivery Format: Computer Based Training (CBT)
- Knowledge Exam: Open book, online knowledge exam. The knowledge exam is "open book," which is defined as:*
  - The following references are authorized:
    - SCA Body of Knowledge;
    - Executive Order (EO) 14028;
    - NIST SP 800-218 v1.1;
    - NIST SP 800-218A;
    - NIST SP 800-160 (vol 1 & 2); and
    - OWASP Top Ten.
  - The following tools and/or resources are prohibited:
    - Artificial Intelligence (e.g., ChatGPT, Google Gemini, Microsoft Copilot, Claude, etc.); and
    - Cheat sheets, including but not limited to:
      - Condensed notes or information;
      - Quick references; and/or
      - Any other non-SCA approved study aid.
*Note: The SCA appreciates the nature of development operations, where software is rarely developed in a vacuum. The global nature of software development also means that English is often not the native language of developers. Given this understanding of the global workforce and how collaboration efforts exist in software development, the practice of being able to openly reference content should be seen as an industry norm.
The SCA BoK is a summarized version of these industry-recognized secure practices that provides expectations for knowledge / competency associated with the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) roles. The SCA BoK is a free resource to download:
Need Help Justifying The Cost To Get Certified As A SCA Architect? This Should Help!
Please feel free to use the following EXAMPLE TEXT as a template you can edit to help justify the expense to your boss/supervisor to earn your certification:
As a professional software architect, who is dedicated to adhering to industry-recognized secure development practices to both protect our organization and implement expected compliance requirements, please consider my proposal to earn a Certified SCA Architect (CSCAA) certification through the Secure Code Alliance (SCA).
CSCAA certification is focused on demonstrating professional competence with Secure Software Development Practices (SSDP). In addition to our requirements from [NIST SP 800-53 / NIST SP 800-171 / CMMC / PCI DSS v4 / CIS v8 / ISO 27002] to perform secure coding practices, the mandates from Executive Order (EO) 14028 for software security requirements within the US Government’s supply chain affect organizations like ours. We will need to demonstrate SSDP throughout the software lifecycle and be able to document how we:
- Reduce the number of vulnerabilities in released software;
- Reduce the potential impact of the exploitation of undetected or unaddressed vulnerabilities; and
- Address the root causes of vulnerabilities to prevent recurrences.
The CSCAA certification is specifically curated towards software providers that need a practical approach to demonstrate:
- Its personnel are appropriately addressing security threats; and
- The organization invests in the culture of cybersecurity and privacy.
There is no cost for travel since this is all computer-based training and testing. The cost for certification is $500 for CSCAA and that is valid for a period of three years. My certification is a smart investment of time and resources that will deliver real value to our organization. Thank you for your consideration.