Individual Secure Code Alliance (SCA) Certifications

The Secure Code Alliance (SCA) was formed to address organizations' need to ensure that their developers are aware of, and actually implement, Secure Software Development Practices (SSDP), in order to minimize the threat posed by malicious actors against the organization's applications, services, and processes. The SCA is focused on technical competence at the individual level and on the ability to demonstrate evidence of due diligence and due care for SSDP at the organization level.

For individuals, applicants for the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) certifications are expected to invest the time and effort necessary to familiarize themselves with industry-recognized secure development practices, which form the basis of the SCA Body of Knowledge (SCA-BoK). These certifications are for software developers and architects, not project/program managers, security managers, or IT directors. The focus is purely on the SSDP concepts that developers and architects deal with on a daily basis. For practical purposes, individuals who earn a CSCAP or CSCAA certification have demonstrated the level of competence necessary to ensure that the security of an organization's applications, services, and processes is assessed throughout their operational life, reducing risk to the organization and its clients. These certifications are valid for a period of three (3) years from the date of issue, at which point the certification expires and must be renewed through re-examination.

If you are a software developer, it is worthwhile to explore SCA training and certifications. There are two (2) SCA certifications for individuals:

  1. Certified SCA Practitioner (CSCAP)
  2. Certified SCA Architect (CSCAA)

Certified SCA Practitioner (CSCAP)

Certified SCA Practitioners are SAICO-certified individuals who have the knowledge and skills to:

  • Implement SCF controls that align with the SCF recommended practices and structure; and
  • Maintain an organization’s cybersecurity and data protection program.

Can you look a client in the eye and honestly say that you can demonstrate you know what Secure Software Development Practices (SSDP) are? How can you prove it? The Certified SCA Practitioner (CSCAP) certification is evidence you can use to demonstrate competence, and even compliance with the SSDP requirements of Executive Order (EO) 14028.

Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed. These processes can be employed at any stage of the system lifecycle and can take advantage of any system or software development methodology, including agile, spiral, or waterfall.

Individuals who earn the Certified SCA Practitioner (CSCAP) certification demonstrate the level of competence necessary to ensure that the security of an organization's applications, services, and processes is assessed throughout their operational life, reducing risk to the organization and its clients.

If you are interested in becoming a CSCAP, the first step is to take CSCAP training to start that journey, which you can begin here - https://training.securecontrolsframework.com/products/courses/sca-practitioner


The Certified SCA Practitioner (CSCAP) role has a published syllabus:

You can download the Certified SCA Practitioner (CSCAP) syllabus from: https://securecodealliance.com/content/sca-practitioner.pdf 

Certified SCA Architect (CSCAA)

Certified SCA Architects are SAICO-certified individuals who are:

  • Qualified to architect and design SCF-based cybersecurity and data protection programs;
  • Capable of addressing the tactical, operational and strategic needs of the organization; and
  • Qualified to assist SCF Practitioners with the implementation of SCF controls to turn concepts into reality.

Can you look a client in the eye and honestly say that you can demonstrate you know what Secure Software Development Practices (SSDP) are? How can you prove it? The Certified SCA Architect (CSCAA) certification is evidence you can use to demonstrate competence, and even compliance with the SSDP requirements of Executive Order (EO) 14028.

Software architects (architects) are expected to employ cyber resiliency constructs (e.g., goals, objectives, techniques, approaches, and design principles), as well as the analytic and lifecycle processes, to tailor them to the technical, operational, and threat environments for which the architect’s systems need to be engineered.

Individuals who earn the Certified SCA Architect (CSCAA) certification demonstrate the level of competence necessary to ensure that the security of an organization's applications, services, and processes is assessed throughout their operational life, reducing risk to the organization and its clients.

If you are interested in becoming a CSCAA, the first step is to take CSCAA training to start that journey, which you can begin here - https://training.securecontrolsframework.com/products/courses/sca-architect

The Certified SCA Architect (CSCAA) role has a published syllabus:

You can download the Certified SCA Architect (CSCAA) syllabus from: https://securecodealliance.com/content/sca-architect.pdf

Common Requirements For Secure Software Development Practices (SSDP)

From a day-to-day perspective, the requirements for Secure Software Development Practices (SSDP) come from "industry-recognized secure practices" that mandate secure software development. These frameworks affect nearly every organization, regardless of the industry it serves.

This page identifies the most common application security controls drawn from leading cybersecurity frameworks. These requirements may take the form of statutory, regulatory, or contractual obligations with which an organization must comply.
