(ISC)2, short for International Information Systems Security Certification Consortium, is renowned for several of its information security certifications, one of which is the Certified Secure Software Lifecycle Professional (CSSLP).
The CSSLP designation is targeted toward information technology (IT) professionals who help to ensure that all relevant and appropriate security processes and best practices are present throughout an application's software development lifecycle (often abbreviated as "SDLC"). CSSLP certification candidates typically include software developers, product managers and quality assurance testers.
Overview of CSSLP Certification
The CSSLP application security certification is a professional-level credential. It specifically addresses candidate knowledge in one or more of the eight domains in (ISC)2's CSSLP Common Bodies of Knowledge:
- Secure Software Concepts
- Secure Software Requirements
- Secure Software Design
- Secure Software Implementation/Coding
- Secure Software Testing
- Software Acceptance
- Software Deployment, Operations, Maintenance and Disposal
- Supply Chain and Software Acquisition
Candidates must meet a number of requirements in order to earn the designation as a CSSLP professional. They must:
- Have at least four years of work experience related to SDLC in one or more of the above-named eight domains in (ISC)2's CSSLP Common Bodies of Knowledge.
- Pass the CSSLP certification exam.
- Get their CSSLP application endorsed by a current (ISC)2 member. Applicants who are not associated with a member can file an Applicant Endorsement Assistance Form to gain endorsement from the (ISC)2 organization itself.
Candidates can fulfill one of the required four years of professional experience with certain educational achievements. They can also spend an extra year after passing the exam fulfilling the required amount of experience but cannot earn the full certification until this requirement is met.
More details regarding CSSLP requirements can be found on the (ISC)2 website.
The CSSLP Examination
The CSSLP Examination Agreement includes sections that affirm the candidate's claimed professional work experience and a Code of Ethics for candidates to adhere to upon certification.
Additional details regarding the CSSLP exam:
- There are 175 multiple-choice questions.
- Candidates have four hours to complete the exam.
- The test is scored on a sliding scale between 0 and 1000.
- Candidates must earn a score of 700 or higher to pass.
Candidates who fail the CSSLP exam can retake it after 30 days. Those who fail a second time must wait 90 days before retaking the exam, and those who fail a third time must wait 180 days. The CSSLP exam can only be taken three times in a calendar year.
Candidates can book a testing date for the CSSLP examination through Pearson VUE testing centers, which are located around the country.
Renewing the CSSLP Certification
The CSSLP certification is valid for three years. Individuals must earn Continuing Professional Education (CPE) credits to maintain certification. Certified individuals need a minimum of 15 CPE credits a year and a total of 90 CPE credits over the three-year certification period. Candidates can refer to (ISC)2 for details of qualifying CPE activities. Finally, CSSLP holders must pay an annual certification maintenance fee to (ISC)2.
Individuals who earn a CSSLP certification can not only validate their expertise but also provide a higher level of quality control during the software development lifecycle.