The SCA-BoK is a summarized version of industry-recognized secure practices that provides expectations for knowledge / competency associated with the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) roles.
For industry-recognized secure practices, the SCA's intent is to leverage content that is freely available to the public at no cost.
The SCA references numerous leading frameworks and standards for Secure Software Development Practices (SSDP) in an effort to provide “industry-recognized secure practices” references. These voluntary consensus standards, most publicly available at no cost, are referenced by the SCA's Body of Knowledge.
The global nature of software development also means that the English language is often not the native language for developers. Given this understanding of the global workforce and how collaboration efforts exist in software development, the practice of being able to openly reference content should be seen as an industry norm.
The SCA-BoK summarizes and references the following industry-recognized frameworks. Most are publicly available at no cost.
The BoK defines knowledge and competency expectations for the two SCA individual certifications.
Knowledge and competency expectations for the Certified SCA Practitioner — the developer-facing certification grounded in Secure Development Lifecycle (SDL) processes.
Knowledge and competency expectations for the Certified SCA Architect — covering cyber-resiliency constructs, design principles, and lifecycle processes.
The full Body of Knowledge document is available as a free PDF. Use it to prepare for the CSCAP or CSCAA exam, or to align your team's secure development practices with industry standards.