Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cart
Start Here
Products
Bundles
Updates
Reasons To Buy
Certification Options

Individual Secure Code Alliance (SCA) Certifications

The Secure Code Alliance (SCA) was formed to address the need that organizations have to ensure its developers are aware of and implement Secure Software Development Practices (SSDP) in order to minimize the threat posed by malicious actors against the organization’s applications, services, and processes. The SCA is focused on technical competence at the individual level and on the ability to demonstrate evidence of due diligence and due care for SSDP at the organization level.

For individuals, applicants for the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) certifications are expected to invest the requisite time and effort necessary to familiarize themselves with industry-recognized secure development practices, which form the basis of the SCA Body of Knowledge (SCA-BoK). These certifications are for software developers and architects, not project/program managers, security managers, or IT directors. The focus is purely on SSDP concepts that developers and architects deal with on a daily basis. For practical purposes, individuals who earn a CSCAP or CSCAA certifications have demonstrated a level of competence necessary to ensure that the security of an organization’s applications, services, and processes are assessed throughout their operational life to reduce risks to the organization and its clients. These certifications are valid for a period of three (3) years from the date of issue of the certification, at which point the certification expires and will need to be renewed through a re-examination.

If you are a software developer, it is worthwhile to explore SCA training and certifications. There are two (2) SCA certifications for individuals:

  • Certified SCA Practitioner (CSCAP); and
  • Certified SCA Architect (CSCAA).
Key Takeaways - Individual SCA Certifications
  • The Secure Code Alliance (SCA) addresses the need for developers to implement Secure Software Development Practices (SSDP).
  • Two certifications. Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA).
  • These are for software developers and architects only. Not project managers, security managers or IT directors.
  • Based on the SCA Body of Knowledge (SCA-BoK) and industry-recognized secure development practices.
  • Certified individuals demonstrate competence to ensure application security throughout the operational lifecycle.
  • SSDP is increasingly required by statutory, regulatory and contractual obligations across all industries.
SCA Practitioner

What Is The SCA Practitioner Certification?

Certified SCA Practitioners (CSCAP) are certified individuals who have the knowledge and skills to:

  • Implement SCF controls that align with the SCF recommended practices and structure; and
  • Maintain an organization’s cybersecurity and data protection program.
Can you look a client in the eyes and honestly answer that you can currently demonstrate that you know what Secure Software Development Practices (SSDP) are? How can you prove that? The CSCAP is evidence you can use to demonstrate competence and even compliance with requirements from EO 14028 for SSDP.
Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed. These processes can be employed at any stage of the system lifecycle and can take advantage of any system or software development methodology, including agile, spiral, or waterfall.
Individuals who earn a CSCAP demonstrate a level of competence necessary to ensure that the security of an organization’s applications, services, and processes are assessed throughout their operational life to reduce risks to the organization and its clients.
If you are interested in becoming a CSCAP, the first step is to take CSCAP training to start that journey, which you can begin here - https://training.securecontrolsframework.com/products/courses/sca-practitioner!
SCF Architect

What Is The SCA Architect Certification?

Certified SCA Architects (CSCAA) are certified individuals who are:

  • Qualified to architect and design SCF-based cybersecurity and data protection programs;
  • Capable of addressing the tactical, operational and strategic needs of the organization; and
  • Qualified to assist SCF Practitioners with the implementation of SCF controls to turn concepts into reality.
Can you look a client in the eyes and honestly answer that you can currently demonstrate that you know what Secure Software Development Practices (SSDP) are? How can you prove that? The CSCAA is evidence you can use to demonstrate competence and even compliance with requirements from EO 14028 for SSDP.
Software architects (architects) are expected to employ cyber resiliency constructs (e.g., goals, objectives, techniques, approaches, and design principles), as well as the analytic and lifecycle processes, to tailor them to the technical, operational, and threat environments for which the architect’s systems need to be engineered.
Individuals who earn a CSCAA certification demonstrate a level of competence necessary to ensure that the security of an organization’s applications, services, and processes are assessed throughout their operational life to reduce risks to the organization and its clients.
If you are interested in becoming a CSCAA, the first step is to take CSCAA training to start that journey, which you can begin here - https://training.securecontrolsframework.com/products/courses/sca-architect!