As a software developer, are you able to legitimately demonstrate Secure Software Development Practices (SSDP) expertise? The Certified SCA Practitioner (CSCAP) is an individual certification intended to provide you with objective evidence of your SSDP skills to employers, clients and other stakeholders that rely on you to design, build, and maintain secure applications and systems.
The CSCAP certification uses an online platform to test applicants on subject matter expertise. Applicants who pass the knowledge exam are awarded the certification.
The CSCAP certification is specifically curated towards software providers that need a practical approach to demonstrate:

The CSCAP knowledge exam is administered through an online platform with a proctored format. The proctored nature of the exam requires test takers to schedule their exam no earlier than 48 hours prior to the exam time.
The “open book” format reflects the reality of development work — software is rarely developed in a vacuum, and practitioners need to reference industry-recognized resources.
Materials include the SCA Body of Knowledge plus its referenced standards: NIST SP 800-218, EO 14028, OWASP Top Ten, and others. Note: non-SCA-approved study aids are not permitted.
Demonstrates a satisfactory understanding of the core concepts of the subject matter while maintaining a higher standard for academic performance.
The CSCAP training course is fully online and Internet-based, with no face-to-face class meetings. It includes one (1) attempt at the knowledge exam.
Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed.
Individuals who earn a CSCAP certification demonstrate a level of competence necessary to ensure that the security of an organization's applications, services, and processes is assessed throughout their operational life to reduce risks to the organization and its clients.
Recommended prerequisites:
While there are no formal educational or certification prerequisites to become a CSCAP, the above experience helps you successfully pass the knowledge exam and perform duties as a CSCAP.
The Certified SCA Practitioner (CSCAP) is evidence you can use to demonstrate competence and even compliance with requirements from EO 14028 for SSDP. The training and certification are performed through a Learning Management System (LMS). Upon passing the knowledge exam, your CSCAP certificate will be issued by Accredible to make it easy to share and boost your professional image.
Use this template to help justify the certification expense to your boss or supervisor. Edit the bracketed text to fit your situation.
As a professional developer who is dedicated to adhering to industry-recognized secure development practices to both protect our organization and implement expected compliance requirements, I ask that you consider my proposal to earn a Certified SCA Practitioner (CSCAP) certification through the Secure Code Alliance (SCA).
CSCAP certification is focused on demonstrating professional competence with Secure Software Development Practices (SSDP). In addition to our requirements from [NIST SP 800-53 / NIST SP 800-171 / CMMC / PCI DSS v4 / CIS v8 / ISO 27002] to perform secure coding practices, the mandates from Executive Order (EO) 14028 for software security requirements within the US Government's supply chain affect organizations like ours.
We will need to demonstrate SSDP throughout the software lifecycle and be able to document how we:
The CSCAP certification is specifically curated towards software providers that need a practical approach to demonstrate that personnel are appropriately addressing security threats and that the organization invests in the culture of cybersecurity and privacy.
There is no cost for travel since this is all computer-based training and testing. The cost of CSCAP certification is $350, and the certification is valid for a period of three years. My certification is a smart investment of time and resources that will deliver real value to our organization.