DOD accepts CompTIA's Advanced Security Practitioner certification

The Department of Defense (DOD) has begun including the security certification known as "CompTIA Advanced Security Practitioner" (CASP) in its accepted roster of industry-based security exams to prove technical skills, the trade group says.

CompTIA came up with CASP last year and it's the toughest technical exam related to networking security it's ever introduced, says Terry Erdle, executive vice president, skills certification. The DOD had provided input to CompTIA regarding what it wanted in a networking security exam and has now accepted CASP for accreditation under what's known as the U.S. Department of Defense Information Assurance Workforce Improvement Program.

[ BY THE NUMBERS: Obama's 2013 IT budget: Less for DOD, less overall ]

The rules for that are spelled out under the DOD's 8570.01-M criteria, and CASP is now is now said to be approved as a baseline certification for Information Assurance Technical Level III, IS Manager Level II and IA Systems Architect and Engineer Levels I and II.

The DOD has required both employees and contractors to obtain various industry-based certifications to perform certain functions in DOD data centers and networks, and the CASP exam -- if you can pass it -- is now also a certification that will apply.

It's recommended that anyone wanting to take the CASP exam have a minimum of 10 years of experience in IT administration and at least five years of hands-on technical experience.

The CASP, about 2.5 hours, consists of 80 questions given in a computer-based setting that involve some hands-on skills demonstration, such as simulated firewalls. It's intended to be vendor-neutral. The scope of CASP appears to be extensive, testing the applicant's knowledge of enterprise security; risk management, policy and legal procedures, research and analysis; and business-oriented understanding in regards to computing and communications.

"It's very technical," says Erdle. Subjects include cryptography and certificate management, virtualization security, knowledge of enterprise storage, vulnerability management, SCADA, VoIP and IP6 protocols, and a broad swatch of host- and network-based security used in applications and for remote access.

There are about 8,000 testing centers run by Pearson Vue that offer the CASP exam, as well as other tests, on a schedule basis. The cost for the CASP tests is about $379.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Assurancesecurity certificationAdvanced Security PractitionersecuritycomptiaDefense Departmentgovernmentindustry verticals

More about CompTIAIDGPearson

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts