US DOD accepts CompTIA's Advanced Security Practitioner certification
Employees and contractors must obtain various industry-based certifications to work in DOD data centres
By Ellen Messmer | Network World US | Published: 17:16, 22 March 2013
The US Department of Defense (DOD) has begun including the security certification known as "CompTIA Advanced Security Practitioner" (CASP) in its accepted roster of industry-based security exams to prove technical skills, the trade group says.
CompTIA came up with CASP last year and it's the toughest technical exam related to networking security it's ever introduced, says Terry Erdle, executive vice president, skills certification. The DOD had provided input to CompTIA regarding what it wanted in a networking security exam and has now accepted CASP for accreditation under what's known as the US Department of Defense Information Assurance Workforce Improvement Program.
The rules for that are spelled out under the DOD's 8570.01-M criteria, and CASP is now said to be approved as a baseline certification for Information Assurance Technical Level III, IS Manager Level II and IA Systems Architect and Engineer Levels I and II.
The DOD has required both employees and contractors to obtain various industry-based certifications to perform certain functions in DOD data centres and networks, and the CASP exam -- if you can pass it -- is now also a certification that will apply.
It's recommended that anyone wanting to take the CASP exam have a minimum of 10 years of experience in IT administration and at least five years of hands-on technical experience.
The CASP, about 2.5 hours, consists of 80 questions given in a computer-based setting that involve some hands-on skills demonstration, such as simulated firewalls. It's intended to be vendor-neutral. The scope of CASP appears to be extensive, testing the applicant's knowledge of enterprise security; risk management, policy and legal procedures, research and analysis; and business-oriented understanding in regards to computing and communications.
"It's very technical," says Erdle. Subjects include cryptography and certificate management, virtualisation security, knowledge of enterprise storage, vulnerability management, SCADA, VoIP and IP6 protocols, and a broad swatch of host- and network-based security used in applications and for remote access.
There are about 8,000 testing centres run by Pearson Vue that offer the CASP exam, as well as other tests, on a schedule basis. The cost for the CASP tests is about $379.