FITSP Requirements Banner

FITSP Certification Process

FITSI uses several processes to manage the FITSP Certification Program. These processes include:

  • An Examination Process
  • An Application Process
  • An Assessment Process
  • A Certification Decision Process
  • A Recertification Process

FITSP Certification Process Overview

As part of earning a Federal IT Security Professional (FITSP) certification, FITSP Certification Candidates must successfully pass a certification exam (Phase 1) and submit a formal FITSI Certification application and supporting documentation (Phase 2). Once the FITSP Certification Application Package is submitted, FITSI assesses all the items in the application (Phase 3) and renders a formal certification decision (Phase 4). During this formal certification decision phase, a determination is made on whether the FITSP certification will be granted to the individual. Certification Applicants who become Certification Holders in Phase 4 move to Phase 5, where they must meet certain criteria to be recertified. This process is visually represented in Figure 1 below.


A minimum of five years of information security experience is required to qualify for any FITSP certification. This experience can be obtained from the federal government or civilian employment. FITSI Certification Applicants can waive portions of the experience requirements if the Certification Applicant possesses other complimentary security certifications or education.

Educational waivers – Certification Applicants may waive one year of experience for a bachelor's degree in any discipline. Certification Applicants may waive one year of experience for a bachelor's degree and a second year with a master's degree with an IT or information assurance focus. Each degree allows for one year of experience to be waived. A fully accredited institution must issue the degree(s).

Complimentary security certifications – Certification Applicants are eligible to waive one year of experience by possessing one or more of the following IT security certifications:

  • CompTIA Advanced Security Practitioner (CASP+)
  • CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Security+
  • EC-Council Certified Ethical Hacker Security+ (CEH)
  • Global Information Assurance Certified (GIAC)
  • ISACA Certified Information Security Manager (CISM)
  • ISACA Certified Information Systems Auditor (CISA)
  • ISC2 Certified Information Systems Security Professional (CISSP)
  • ISC2 Certified Authorization Professional (CAP)
  • ISC2 System Security Certified Practitioner (SSCP)

Certification Applicants may not waive more than three years of experience with any combination of education and complimentary security certifications. All FITSP Certification Applicants must provide documented experience details after passing the exam through the FITSI Certification Application Form (and supporting documents).