The CSSLP is now accredited under the ANSI/ISO/IEC Standard 17024, which establishes a global benchmark for the certification of personnel to ensure knowledge and technical competency in different professions. ANSI accredits standards developers, certification bodes, and technical advisory groups to both the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
To be certified by ANSI, an organization must comply with requirements regarding process, practice, and ethics, and must be reviewed annually. The areas that ANSI monitors include: corporate governance, internal audit and management review systems, use of subject matter experts, personnel files and policies, management of confidential and objectivity requirements, and procedures for monitoring the ethics of certificate holders.
According to (ISC)², the CSSLP aims to stem the proliferation of software vulnerabilities by establishing best practices and validating personnel competency in addressing security issues throughout the software lifecycle. The certification is applicable to analysts, developers, software engineers, software architects, project managers, software quality assurance testers, programmers, and others involved in the software lifecycle.
Glenn Leifheit, CSSLP and lead security consultant for FICO, said that “the need for secure software is critical to protecting businesses and consumers. A key solution is ensuring software development professionals are fully versed in secure software concepts and best practices. That’s what makes the CSSLP so invaluable, and the ANSI accreditation further validates its worth to individuals and organizations.”