The FITSP-Auditor certification is designed to demonstrate that federal workforce personnel, both federal employees and contractors, possess the knowledge of federal IT security requirements necessary to successfully audit and review the management, operational, and technical IT security controls for systems owned by or operated on behalf of, the federal government. This role deals with high-level, cost-effective, risk-based IT security audit functions that assure program value is achieved within the ever-changing risk and evolving threat environments.
The auditor role is designed for candidates who review and audit automated information systems found within the United States Federal Government. These are usually IT auditors that are found within the Inspector General’s community as well as public accounting companies.
Candidates are tested on a comprehensive Federal Body of Knowledge (FBK), which consists of a library of federal statutes, regulations, standards, and guidelines. The FBK is divided into six domains and 18 IT security topic areas.
The exam is three hours long and consists of 150 multiple-choice questions focusing on the knowledge and skills that federal auditors must know.
Additionally, a minimum of five years of generic information systems security experience is required. This experience can be inside or outside the federal government.