ISO approves information security credential

A credential for information security engineers has received accreditation from the International Organization for Standardizations (ISO), the International Information Systems Security Certification Consortium said today.

Lynn McNulty, director of government services at (ISC)2, said the American National Standards Institute accredited the Information Systems Security Engineering Professional credential. ANSI is the U.S. branch of ISO.

ISSEP now complies with the ANSI/ISO/International Electrotechnical Commission 17024 standard. That standard sets internationally recognized benchmarks for the educational principles and integrity of examination processes and the organizational structure of credentialing organizations, McNulty said.

ISSEP is an extension of (ISC)2’s Certified Information Systems Security Professional certification, he said. The CISSP-ISSEP certification provides extra training in four areas of information security engineering that the standard CISSP certification does not include.

The latest accreditation will allow more DOD workers to have the ISSEP credential, McNulty said, adding that DOD Directive 8570.1 requires all department employees to have credentials with ANSI 17024 accreditation.

Organizations can be confident that credentialed employees or job applicants have the appropriate technical and managerial credentials in information assurance, McNulty said.

(ISC)2 intends to talk to DOD about changing Directive 8570.1 to include ISSEP, McNulty said. ISSEP already meets the standard and DOD officials have said they would add more accreditations in the future.

(ISC)2 developed the ISSEP certification with the National Security Agency, but the credential is relevant across the national security domain, McNulty said.

(ISC)2’s accomplishment is important because only about 1 percent of more than 3,000 certification bodies are accredited by third parties such as ANSI, said Roy Swift, ANSI’s program director for certification accreditation.

Accreditation lends credibility to certification programs as it does to colleges and universities, Swift said.

ISSEP is the third (ISC)2 certification to get ISO 17024 certification, Swift said. Its CISSP and Systems Security Certified Practitioner certifications also comply.