top of page

Certification Testing Process

Are you able to legitimately demonstrate Secure Software Development Practices (SSDP) expertise? These individual certifications provide you with objective evidence of your SSDP skills to employers, clients and other stakeholders that rely on you to implement SSDP.

​

The Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) certifications leverage an online platform to test applicants on subject matter expertise that awards the applicant with a Certificate of Competence (CoC) upon receiving a successful score.

SCF Badge Example - Practitioner.png
SCF Badge Example - Architect.png

Certified SCA Practitioner (CSCAP)

Cost: $350.00 (USD)

Format: Proctored, Online Test

# Questions: One Hundred (100)

Pass Criteria: Eighty Percent (80%)

Certification Validity: Three (3) years

Scope: SCA-BoK (general & practitioner-specific material)

Certified SCA Architect (CSCAA)

Cost: $500.00 (USD)

Format: Proctored, Online Test

# Questions: One Hundred (100)

Pass Criteria: Eighty Percent (80%)

Certification Validity: Three (3) years

Scope: SCA-BoK (general, practitioner & architect-specific material)

Both the CSCAP and CSCAA exams utilize a proctored, online format. The proctored nature of the exam requires test takers to schedule their exam no earlier than 48 hours prior to the exam time.

We want you to be successful, so we compiled a list of example questions that you could expect to see on either the CSCAP and/or CSCAA certification exams. Just click on the image to the right to download these example questions so that you can get familiarity and gain confidence in your path towards certification!

Exam questions example cover.JPG

Need Help Justifying The Cost To Get Certified? This Should Help!

Please feel free to use the following text as a template you can edit to help justify the expense to your boss/supervisor to earn your certification:

​

As a professional [developer / architect], who is dedicated to adhering to industry-recognized secure development practices to both protect our organization and implement expected compliance requirements, please consider my proposal to earn a [Certified SCA Practitioner (CSCAP) / Certified SCA Architect (CSCAA)] certification through the Secure Code Alliance (SCA).

 

[CSCAP / CSCAA] certification is focused on demonstrating professional competence with Secure Software Development Practices (SSDP). In addition to our requirements from [NIST SP 800-53 / NIST SP 800-171 / CMMC / PCI DSS v4 / CIS v8 / ISO 27002] to perform secure coding practices, the mandates from Executive Order (EO) 14028 for software security requirements within the US Government’s supply chain affect organizations like ours. We will need to demonstrate SSDP throughout the software lifecycle and be able to document how we:

  • Reduce the number of vulnerabilities in released software;

  • Reduce the potential impact of the exploitation of undetected or unaddressed vulnerabilities; and

  • Address the root causes of vulnerabilities to prevent recurrences. 

​

The [CSCAP / CSCAA] certification is specifically curated towards software providers that need a practical approach to demonstrate:

  • Its personnel are appropriately addressing security threats; and

  • The organization invests in the culture of cybersecurity and privacy.

​

There is no cost for travel since this is all computer-based training and testing. The cost for certification is [$350 for CSCAP / $500 for CSCAA] and that is valid for a period of three years. My certification is a smart investment of time and resources that will deliver real value to our organization. Thank you for your consideration.

Have Certification Questions?

Thanks for submitting!
We’ll get back to you shortly.

OTHER LINKS
Privacy Notice
Blog
SOCIAL
  • LinkedIn
  • Twitter
ABOUT

support@securecodealliance.com

​

30 N Gould St

Suite R

Sheridan, WY 82801

Subscribe To The SCA Newsletter

Thanks for subscribing!

SCA - Horizontal (B&W).png

© 2023 by Secure Code Alliance, LLC (SCA). All rights reserved.

This website does not render professional services advice and is not a substitute for dedicated professional services. If you have compliance questions, you should consult a cybersecurity or privacy professional to discuss your specific needs. SCA disclaims any liability whatsoever for any documentation, information, or other material which is or may become a part of the website. SCA does not warrant or guarantee that the information will not be offensive to any user. User is hereby put on notice that by accessing and using the website, user assumes the risk that the information and documentation contained in the website may be offensive and/or may not meet the needs and requirements of the user. The entire risk as to the use of this website is assumed by the user. SCA reserves the right to refuse service, in accordance with applicable statutory and regulatory parameters.

bottom of page