SCA Practitioner & Architect Certifications

Individuals who earn a Certified SCA Practitioner (CSCAP) or Certified SCA Architect (CSCAA) certification have demonstrated the level of competence necessary to ensure that the security of an organization’s applications, services, and processes is assessed throughout their operational life to reduce risks to the organization and its clients. These certifications are valid for a period of three (3) years from the date of issue, at which point the certification expires and must be renewed through re-examination.

Certified SCA Practitioner (CSCAP)


Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed. These processes can be employed at any stage of the system lifecycle and can take advantage of any system or software development methodology, including agile, spiral, or waterfall.

CSCAPs are expected to:

  • Understand and operationalize the organization’s security architecture that must be followed for application development processes for development, testing, staging, and production environments.

  • Incorporate the organization’s risk management practices throughout application development processes across the entire Software/System Development Life Cycle (SDLC).

  • Develop software applications in accordance with industry-recognized secure coding practices.

  • Incorporate security and privacy measures throughout the SDLC.

  • Control changes to applications, systems, and processes across the SDLC using formal change control procedures.

  • Review custom code through a formal change management and approval process prior to release to production.

  • Remove custom application accounts, user IDs and passwords before applications become active or are released to customers.

  • Confidently review Software Bill of Materials (SBOM) documentation for security and privacy-related implications.

  • Perform software conformity assessments.

Certified SCA Architect (CSCAA)


Software architects (architects) are expected to employ cyber resiliency constructs (e.g., goals, objectives, techniques, approaches, and design principles), as well as the analytic and lifecycle processes, to tailor them to the technical, operational, and threat environments for which the architect’s systems need to be engineered.

CSCAAs are expected to:

  • Define the security architecture(s) the organization will follow for application development processes.

  • Define application development considerations for the organization’s risk management practices across the entire Software/System Development Life Cycle (SDLC).

  • Publish rules for the organization’s application development processes for development, testing, staging, and production environments.

  • Develop conformity assessment practices for the organization to follow in order to demonstrate alignment with stated Secure Software Development Practices.

  • Ensure that information security and privacy principles are an integral part of Secure Software Development Practices (SSDP) across the entire SDLC.

  • Ensure security & privacy-related measures are included in the requirements for new systems or enhancements to existing systems.

  • Ensure application development practices (internal and external) adhere to industry-recognized secure coding practices.

  • Develop Software Bill of Materials (SBOM) documentation for application development projects.

  • Oversee changes to Applications, Services and Processes (ASP) across the SDLC using formal change control procedures.

  • Oversee application security testing practices.

  • Implement the SSDP concepts and techniques for all High-Value Assets (HVA):

    • New Systems;

    • Dedicated or Special-Purpose Systems;

    • System of Systems;

    • System Modifications;

    • System Evolution; and

    • System Retirement.
