SCA Practitioner & Architect Certifications

Individuals who earn a Certified SCA Practitioner (CSCAP) or Certified SCA Architect (CSCAA) certification have demonstrated the level of competence necessary to ensure that the security of an organization’s applications, services, and processes is assessed throughout their operational life to reduce risks to the organization and its clients. These certifications are valid for three (3) years from the date of issue, at which point the certification expires and must be renewed through re-examination.

Certified SCA Practitioner (CSCAP)

Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed. These processes can be employed at any stage of the system lifecycle and can take advantage of any system or software development methodology, including agile, spiral, or waterfall.

CSCAPs are expected to:

  • Understand and operationalize the organization’s security architecture that must be followed for application development processes for development, testing, staging, and production environments.

  • Incorporate the organization’s risk management practices throughout application development processes across the entire Software/System Development Life Cycle (SDLC).

  • Develop software applications in accordance with industry-recognized secure coding practices.

  • Incorporate security and privacy measures throughout the SDLC.

  • Control changes to applications, systems, and processes across the SDLC using formal change control procedures.

  • Review custom code through a formal change management and approval process prior to release to production.

  • Remove custom application accounts, user IDs and passwords before applications become active or are released to customers.

  • Confidently review Software Bill of Materials (SBOM) documentation for security and privacy-related implications.

  • Perform software conformity assessments.

Certified SCA Architect (CSCAA)

Software architects (architects) are expected to employ cyber resiliency constructs (e.g., goals, objectives, techniques, approaches, and design principles), as well as the analytic and lifecycle processes, to tailor them to the technical, operational, and threat environments for which the architect’s systems need to be engineered.

CSCAAs are expected to:

  • Define the security architecture(s) the organization will follow for application development processes.

  • Define application development considerations for the organization’s risk management practices across the entire Software/System Development Life Cycle (SDLC).

  • Publish rules for the organization’s application development processes for development, testing, staging, and production environments.

  • Develop conformity assessment practices for the organization to follow in order to demonstrate alignment with stated Secure Software Development Practices.

  • Ensure that information security and privacy principles are an integral part of Secure Software Development Practices (SSDP) across the entire SDLC.

  • Ensure security & privacy-related measures are included in the requirements for new systems or enhancements to existing systems.

  • Ensure application development practices (internal and external) adhere to industry-recognized secure coding practices.

  • Develop Software Bill of Materials (SBOM) documentation for application development projects.

  • Oversee changes to Applications, Services and Processes (ASP) across the SDLC using formal change control procedures.

  • Oversee application security testing practices.

  • Implement the SSDP concepts and techniques for all High-Value Assets (HVA):

    • New Systems;

    • Dedicated or Special-Purpose Systems;

    • System of Systems;

    • System Modifications;

    • System Evolution; and

    • System Retirement.

support@securecodealliance.com

30 N Gould St

Suite R

Sheridan, WY 82801

© 2023 by Secure Code Alliance, LLC (SCA). All rights reserved.
