US Department of Defense (DoD) 8570.01-M “Information Assurance Workforce Improvement Program” manual names ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications among those approved for DoD information assurance (IA) professionals. The directive requires up to 80,000 professionals to earn one of 13 certifications offered by five organizations.
The DoD’s IA professionals are classified into two categories–information assurance technical (IAT) and information assurance managerial (IAM)–that are each divided into three levels. CISA is among the four approved baseline certifications for professionals in IAT Level III, and CISM is among the three approved certifications for professionals in IAM Levels II and III.
“The inclusion of CISA and CISM in the limited list of approved certifications for Department of Defense IA professionals is a testament to the quality and caliber of ISACA’s designations,” said Everett Johnson, ISACA’s international president. “ISACA’s certifications have been achieving dramatic growth and recognition. Both CISA and CISM experienced record registration for the 2005 exams and have been named among the highest-paying certifications by the independent Foote Partners LLC.”
Among other international recognition, assistant examiners employed by the US Federal Reserve Banks must pass the CISA examination before they are eligible for commissioning; the National Stock Exchange of India has recognized CISA as a requirement to conduct systems audits; and in Singapore, CISA was accredited under the Critical IT Resource Program of the National Infocomm Competency Centre (NICC), the national body that oversees accreditation of IT-related certifications. Additionally, CISM is a recognized credential in the Security Solutions Competency of Microsoft’s Partner Program.
More than 47,000 professionals have earned the CISA certification since its inception in 1978. The CISM designation has been earned by more than 6,000 professionals since it was established in 2002. Both certifications were awarded accreditation under ISO/IEC 17024 by the American National Standards Institute (ANSI) in 2005-one of the requirements for DoD-approved certifications.
“The ultimate vision of Directive 8570.1 is a sustained, professional IA workforce with the knowledge and skills to effectively secure our enterprise information systems,” said George Bieber, deputy director, IA Human Resources and Training, Defense-wide IA Program. “This effort will enable DoD to put the right people with the right skills in the right places, and it’s a tremendous opportunity for personnel to get the training they need to keep current with security in a continuously changing technology environment.”