SSCP (Systems Security Certified Practitioner) Information

A SSCP or Systems Security Certified Practitioner is a mid-level information security professional. The SSCP certification is intended for those who implement information security solutions, not the development of information security policies or design system architecture.

Someone with an SSCP certification may work as a system administrator, application developer, information security specialist, network security professional or information security auditor.

An SSCP must have at least one year of experience in the information security field to be eligible for the exam.

According to the (ISC)2 website, the candidate must have at least one year of experience in one of the following Common Body of Knowledge or CBK areas: access controls, cryptography or encryption, malicious code, monitoring and analysis, networks and communications, risk response and recover and security operations and security administration. Each one of these seven subject areas is called a CPK domain.

To take the SSCP exam, the candidate must be endorsed by someone is already (ISC)2 certified and in good standing with the International Information Systems Security Certification Consortium. This is the person who will vouch for the candidate’s year or more of information security experience.

The International Information Systems Security Certification Consortium, also called the (ISC)2 or ISC squared for short, developed the exam taken to earn the Systems Security Certified Practitioner credential. You will need to pay a fee to take the SSCP exam to take it at an independent third party testing location recognized by the ISC-squared.

SSCP candidates can take a computer based test or paper based test. A score of 700 or higher is a passing grade.

For someone who has work experience but not a full year of experience in a CBK area, does not have an existing consortium member to vouch for their experience, or is a recent graduate, the (ISC)² offers an alternative.

The candidate can join (ISC)² and become an associate of (ISC)². After agreeing to obey the (ISC)² code of ethics, the associate must take an information security certification exam such as the CISSP or the SSCP exam. The candidate must then take several continuing education courses with the (ISC)² to earn the Systems Security Certified Practitioner credential. Those who have passed the exam but do not yet have the requisite experience list “Associate of (ISC)2 for SSCP” on their resumes instead of simply “SSCP”.

You must become maintain membership of (ISC)2. The (ISC)² requires you to pay an annual maintenance fee called the AMF. Every three years, you must retake the SSCP exam to renew the SSCP certification.

Someone with the SSCP certification must earn continuing education credits through the (ISC)². An SSCP must agree to abide by the International Information Systems Security Certification Consortium Code of Ethics.

Individuals often hold other information security credentials before taking the Systems Security Certified Practitioner exam. For example, an SSCP may have previously taken the Certified Information Systems Security Professional or CISSP exam or earned a Global Information Assurance Certification or GIAC certification like the GIAC Security Essentials Certification.

An IT professional may have a vendor-specific information security credential like Microsoft Certified IT Professional (MCITP) or Cisco Certified Security Professional (CCSP) certification. SSCP holders may also have the CompTIA Security+.

Department of Defense Directive 8570, or DoDD 8570 for short, is a standard set of certifications and levels used by the military, the federal government and defense contractors. SSCP counts toward Department of Defense certification as Information Assurance Training or IAT Level I.