Federal IT Security Professional
There are a number of IT security certifications on the market today. However, most of these are generalist certifications that promote “international best practices” and methodologies common to all types of organizations. The FITSP certification program is different in that it helps validate the skills and knowledge of Federal employees and contractors against Federal standards and practices.
The FITSP certification addresses an important and needed role in validating the skills of IT security professionals against NIST standards and documentation. It is really the intersection of IT security skills, the NIST framework, and independent third-party validation of candidates, which helps increase the knowledge pool of Federal workers and contractors. The FITSP certification is positioned to help protect the nation’s critical infrastructure and, by extension, the information that its people and citizens expect to have protected.
When a candidate pursues the FITSP certification he or she selects from four roles. This means there are four different exams and a candidate can pursue one or all four roles to demonstrate competency in any of these areas. While the exams deal with the same domains, each role is tested on a different set of publications, themes, and topical areas that are relevant to each respective job role. These roles are:
Manager - The Manager role is designed for candidates who act in an oversight capacity with regard to IT security. Candidates for this are usually CISOs, ISMs, IAMs, etc. A candidate would earn a FITSP-Manager (FITSP-M) credential in this area.
Designer - The Designer role is designed for candidates who are tasked with designing and developing a system within an organization. These are usually system designers and developers, ISSEs, and other engineers. A candidate would earn a FITSP-Designer (FITSP-D) credential in this area.
Operator - The Operator role is designed for candidates who implement and operate an information system within an organization. These are usually the system and application administrators, system owners, ISSOs, DBAs and other personnel who manage and maintain the system. A candidate would earn a FITSP-Operator (FITSP-O) credential in this area.
Auditor - The Auditor role is designed for candidates who review and audit the IT system. These are usually IT auditors who are found within the Inspector General community as well as public accounting companies. A candidate would earn a FITSP-Auditor (FITSP-A) credential in this area.
These functional roles are complementary to and consistent with those identified in NIST SP 800-16 Draft 1 (from March 2009) - Information Security Training Requirements: A Role and Performance Based Model.
FITSI is also pursuing ISO/IEC 17024 for the FITSP program.