As a software architect, are you able to legitimately demonstrate Secure Software Development Practices (SSDP) expertise? The Certified SCA Architect (CSCAA) is an individual certification that provides objective evidence of your SSDP skills to employers, clients, and other stakeholders that rely on your work to architect and maintain secure applications and systems.
The CSCAA certification uses an online platform to test applicants on subject matter expertise and awards the certification to applicants who pass a knowledge exam.
The CSCAA certification is specifically curated towards software providers that need a practical approach to demonstrate:
Software architects are expected to employ cyber resiliency constructs (e.g., goals, objectives, techniques, approaches and design principles), as well as the analytic and lifecycle processes, and to tailor them to the technical, operational, and threat environments for which the architect's systems need to be engineered.
Work with stakeholders to ensure that security objectives, protection needs/concerns, security requirements, and associated validation methods are defined.
Develop security views and viewpoints of the system architecture and design — covering protection, performance, and behavioral characteristics.
Identify and assess susceptibilities and vulnerabilities to lifecycle hazards and adversities. Design proactive and reactive features to control asset loss.
Perform system security analyses and interpret results in support of decision-making for engineering trades and risk management.
Identify, quantify, and evaluate the costs and benefits of security features and functions to inform engineering and business decisions.
Apply lifecycle processes recursively, iteratively, concurrently, sequentially, or in parallel — to any system regardless of its size, complexity, purpose, scope, or environment.
The CSCAA knowledge exam is administered through an online platform with a proctored format. Test takers schedule their exam no earlier than 48 hours prior to the exam time.
The “open book” format reflects the reality of architectural work — software is rarely developed in a vacuum, and architects need to reference industry-recognized resources.
Materials include the SCA Body of Knowledge plus its referenced standards: NIST SP 800-218, NIST SP 800-160, EO 14028, OWASP Top Ten, and others.
Demonstrates a satisfactory understanding of the core concepts while maintaining a higher academic standard.
Fully online, Internet-based course. No face-to-face class meetings. Includes one (1) attempt at the knowledge exam.
The Certified SCA Architect (CSCAA) is evidence you can use to demonstrate competence and even compliance with requirements from EO 14028 for SSDP. The training and certification are performed through a Learning Management System (LMS). Upon passing the knowledge exam, your CSCAA certificate will be issued by Accredible to make it easy to share and boost your professional image.
Use this template to help justify the certification expense to your boss or supervisor.
As a professional architect who is dedicated to adhering to industry-recognized secure development practices, both to protect our organization and to implement expected compliance requirements, I ask that you consider my proposal to earn a Certified SCA Architect (CSCAA) certification through the Secure Code Alliance (SCA).
CSCAA certification is focused on demonstrating professional competence with Secure Software Development Practices (SSDP). In addition to our requirements from [NIST SP 800-53 / NIST SP 800-171 / CMMC / PCI DSS v4 / CIS v8 / ISO 27002] to perform secure coding practices, the mandates from Executive Order (EO) 14028 for software security requirements within the US Government's supply chain affect organizations like ours.
We will need to demonstrate SSDP throughout the software lifecycle and be able to document how we reduce the number of vulnerabilities in released software, reduce the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent recurrences.
The CSCAA certification is specifically curated towards software providers that need a practical approach to demonstrate that personnel are appropriately addressing security threats and that the organization invests in the culture of cybersecurity and privacy.
There is no cost for travel since this is all computer-based training and testing. The cost for CSCAA certification is $500, and the certification is valid for a period of three years. My certification is a smart investment of time and resources that will deliver real value to our organization.