Watching the replay of the Security Congress Town Hall, the board are proposing (50-52 mins) that CISSP concentrations be downgraded to non-proctored, near worthless, "certificates".
I understand that there may not be sufficient demand to maintain the exams, but I would hope that, if this happens, existing certification holders will be able to maintain their status through continued CPEs.
Particularly considering that, until recently, ISC2 was insisting that it had no plans to terminate the concentrations. Plans can change, but those who acted on ISC2's statements should not have their efforts (and money) hung out to dry.
@AndreaMoore about 50 minutes into the Q4 update, Clar and Zachary are discussing possible paths forward after CISSP, and an educational path for CISOs. ISSMP and other concentrations are not even mentioned.
Could we please have some clarity on the board's plans for the concentrations? I'd planned on taking ISSMP, but given all this uncertainty, I'm putting it on hold until the board can make a clear statement of strategy for the future of CISSP concentrations.
The CISSP Concentrations came about when the U.S. National Security Agency contracted with (ISC)2 first to design and then to create & manage a certification for Information System Security Engineers (ISSE). That happened because the NSA had decided to move most of their in-house ISSE positions from government employees to contractors and wanted a way to verify that the contracted employees had the requisite ISSE knowledge. Thus was born the CISSP-ISSEP. At the time the ISSEP domain structure relied heavily on the (now old) Information Assurance Task Force (IATF) Volume 3, as published by the NSA. since replaced by NIST SP 800-160.
Those of us who had been watching that effort were a bit surprised when (ISC)2 released the ISSMP and ISSAP along with the ISSEP, simply because we had not heard of any reason either the job market or members might want the management or architecture concentrations.
If the ISSEP is being re-looked that raises two questions:
1. Does the NSA currently require the CISSP_ISSEP for any employees or contractors?
2. Is (ISC)2 in discussions with either NSA or NIST (regarding SP 800-160 Vol 1), as part of any review?
This is not a new question on the forum: see
? CISSP-ISSEP at NSA? from May 2021.