The Certified Information Systems Security Professional (CISSP) certification has been found comparable to Level 7 of the Regulated Qualifications Framework (RQF) in the UK, denoting that the certification is comparable to Masters degree standard.
This further validates the achievement of CISSP-certified professionals in their ongoing career and qualification progression and supports educational institutions looking to determine weighting of a relevant certification to award course credits. It follows the American Council on Education’s College Credit Recommendation Service (ACE CREDIT®) recognizing six (ISC)² certifications as eligible for college credit.
The benchmarking of the CISSP was conducted by UK NARIC, the UK’s designated national agency responsible for providing information and expert guidance on academic, vocational and professional qualifications from across the world. UK NARIC conducted an in-depth independent benchmarking study of the CISSP certification, using its well-established methodology for credential evaluation. This involved reviewing core qualification components as well as a comparative analysis of the skills assessed during a candidate’s computer adaptive test (CAT) examination to the RQF.
The analysis saw UK NARIC conclude the qualification assessed knowledge and skills comparable to the RQF Level 7 standard, with clear emphasis on assessing specialized cybersecurity knowledge, understanding and application of skills including: organizational problem solving and decision making, awareness and correct use of industrial standards, policy and best practice, along with understanding and appropriate use of methodologies, techniques and training in relation to cybersecurity.
“Recognizing the CISSP as comparable to Masters level qualifications further underlines the robust educational and operational value of the certification within Europe,” said Deshini Newman, managing director EMEA at (ISC)². “It will support our members in their career progression as they embark on opportunities both within their own organizations and externally when applying for roles with degree entry criteria.”
The RQF is a framework developed by the UK Government to describe the demands in different qualifications across an eight-level scale. The RQF can be used to help understand how qualifications relate to each other. As the levels of the RQF have also been referenced to the eight levels on the European Qualifications Framework (EQF), the RQF and EQF can help employers understand and compare qualifications awarded in different countries, allowing for portability or transferability across the region.
UK NARIC’s independent benchmarking of the CISSP to the RQF enables certification holders to understand how their qualification compares in the context of the UK education system, and to the RQF.
UK NARIC’s recognition of the certification is effective immediately and extends to all members in good standing that hold the CISSP. If you have additional questions about your certification, please contact membersupport@isc2.org.
@AndreaMoore wrote:The Certified Information Systems Security Professional (CISSP) certification has been found comparable to Level 7 of the Regulated Qualifications Framework (RQF) in the UK, denoting that the certification is comparable to Masters degree standard.
[...]
“Recognizing the CISSP as comparable to Masters level qualifications further underlines the robust educational and operational value of the certification within Europe,” said Deshini Newman, managing director EMEA at (ISC)². “It will support our members in their career progression as they embark on opportunities both within their own organizations and externally when applying for roles with degree entry criteria.”
Ooh, I'd be careful about pushing this, (ISC)^2.
As Cragin has noted:
@CraginS wrote:If (ISC)2 plans to routinely report this status in promoting the CISSP, it seem that it will make it legally and ethically impossible for (ISC)2 to forbid former CISSPs who have retired or voluntarily let their (ISC)2 memberships to relapse from using the phrase "former CISSP" or "retired CISSP."
I've had both. I've still got my Masters. I've never had to pay the uni to let me keep it.
Kevin, somewhat in oppostion, noted:
@kevinkidder wrote:The skills assessed for the CISSP are very time sensitive, which is why the ISC requires that members are committed to stay current in the field with CPEs. The knowledge assessed will be outdated in a relatively short time frame.
I wouldn't agree. When I was doing the seminars, a lot of candidates would ask about other certs. I told them that if you wanted a job tomorrow, you went to SANS. If you still wanted a job in ten years, you got the CISSP. Yes, there are a number of questions on the exam that rely on up-to-date technical information. But a lot of them also ask you about historical information. (I recall, on my own exam, thinking of one question, that there was probably nobody else in the room who was old enough to remember what that term meant.) And a very large number of the questions on the exam are based, not on facts dug up by the ISC2 exam committee, but on the collective assessment of a large number of professionals as to whether you have the judgment and critical thinking necessary to decide as a proper security professional would in that situation.
That's not time sensitive.
I believe this is setting a dangerous precedent as highlighted by @rslade and @CraginS .
Just this morning, I saw this on LINKEDIN:
Cybersecurity Visionary, Professor, Senior Security Architect, Author, CISSP Equivalent to a Master’s Degree.
So I cannot use CISSP Lapsed or expired or ? but someone did put this up...... I have sent a note to the Office highlighting this issue.
As to whether it should be compared to a Masters Degree, I have very, very mixed emotions. I have had CISSPs working for me that had no more than a High School education and I have also had Ph.D's on staff that had the CISSP.
I have to agree with @rslade that (ISC)2 should be very careful in the language they use, specifically around
“It will support our members in their career progression as they embark on opportunities both within their own organizations and externally when applying for roles with degree entry criteria.”
I can buy within but not sure about externally when applying for roles with degree entry criteria.............
And fully agree, I have my degrees from university and do not have to pay to maintain them, but every year, I get a notice from (ISC)2 that in order to continue to use the Mark.
@CraginS has it right when he says that this is going to make it difficult for (ISC)2 to stop people from using the Mark in some form that they do not agree with.............
My dime
d
What You Need to Know: CISSP Comparable to U.K. Master's Degree Standard
(ISC)2 recently announced the CISSP certification has been formally recognized as comparable to the U.K.’s Master’s degree standard, following the completion of an independent benchmarking process. We’ve compiled information here to help members – especially those in the U.K. and across Europe – understand this achievement.
Read more: https://blog.isc2.org/isc2_blog/2020/05/cissp-comparable-to-uk-masters-degree-standard.html
@AndreaMoore wrote:What You Need to Know: CISSP Comparable to U.K. Master's Degree Standard
(ISC}2 recently announced the CISSP certification has been formally recognized as comparable to the U.K.’s Master’s degree standard, following the completion of an independent benchmarking process. We’ve compiled information here to help members – especially those in the U.K. and across Europe – understand this achievement.
Andrea,
None of us are saying the evaluation of the CISSP is not valid. The NARIC RQF Level 7 is pretty darn cool, and likely quite appropriate. (I realize Diana @dcontesti is shaky on the issue, but not totally opposed.) Note Grandpa Rob's @rslade comparison to his degree status.
We are calling attention to the long stated (ISC)2 policy that a former CISSP is supposedly not allowed to used the CISSP mark in any self identification (e.g. cv, resume, business card, etc.), I have been well aware of that restriction for some time, although I have never heard of (ISC)2 taking an action against such a person.
[side issue: this restriction is why I asked you about the current unexplained usage of CISSP Retired membership.]
We are suggesting that the trademark infringement policy and threat by (ISC)2 against those who have held the certification in good standing in the past, and simply no longer pay dues, will not be able to stand legal judgment if (ISC)2 makes a big deal about the Master's equivalency.
Something to think about eh?
Stay heathy!
Craig
@dcontesti wrote:...
As to whether it should be compared to a Masters Degree, I have very, very mixed emotions. I have had CISSPs working for me that had no more than a High School education and I have also had Ph.D's on staff that had the CISSP. ...
Diana,
Once upon a time, in the far back early days of academia, a Masters's degree indicated that a student had built upon journeyman knowledge acquired in earning a bachelor's degree, and had now shown to be a master of at least one facet of the bachelor's degree field. Those days are LONG gone. Today, very many post-graduate students earn master's degrees in field essentially unrelated to their undergraduate majors and minors. They use the master's program to cross train into a new field without being burdened with he cost and time of a completely new bachelor's. This is particularly so in the field of infosec / cybersec! Dozens of cybersec master's programs were created for that very purpose, because there had been no such undergrad major available until just a few years ago. Remember, also, that many with a research doctorate (e.g. PhD, DSc) or professional doctorate (eg. MD, JD). go back to expand their skill sets by earning master's degrees such as MBA, MPH, etc..
With the above understanding, it would not surprise me if your high schooler CISSPs do. in fact, have the knowledge, skills, and abilities of someone with an MS in cybersecurity. We have some very interesting academic vs. capability anomalies in our field. I am aware of a highly capable cybersec practitioner and researcher, whose ONLY degree is a PhD! She convinced her mentors and his university to accept her in spite of no undergrad or other postgrad credentials, and she is doing quite well for herself!
As for the PhDs, remember that a research degree in no way prepares a grad to be a practitioner in the business world. It may show they are pretty darn smart and driven,, but those traits are what allow movement into successful non-research practice. (And I have know some brilliant an accomplished PhDs, and some rather dull and plodding PhDs.)
Crag
Yup these are just some of the reasons, I don't think saying its a masters is appropriate.
However since reading @AndreaMoore note, I am feeling a little better.
Still trying to wrap my head around what this actually means. As I understand it, this decision comes out of the UK and has some merit throughout Europe. I have no idea what this means in the U.S. I assume it may have some bearing on transfer/experiential credits at some Universities. I doubt someone can skip a Master's program and jump straight into a Doctorate. But perhaps individual educational institutions are free to make of it what they will.
Totally agree that this has high risk of turning into a misleading headline "CISSP == Masters", when it really is just recognizing that earning a CISSP requires a masters-level knowledge and.or work effort. Even the subject of this thread mostly falls into that trap.
For this to really have much meaning, the other certs (Sec+, SSCP, CISM, etc.) need RQF rankings as that is CISSP's true competition.
Buried way down in the blog entry, one does find explanations without the marketing and technical mumbo-jumbo.
https://blog.isc2.org/isc2_blog/2020/05/cissp-comparable-to-uk-masters-degree-standard.html
Does this mean that the CISSP is the same as a Master’s degree?
... CISSP is considered an educational achievement that is the same level needed to achieve a Master’s...
I have a CISSP. Is it fair for me to say I now have a Master’s?
No...
Great feedback and discussions. I will continue to keep sharing this feedback with our team.
In question to whether this changes credential usage policy, I wanted to share this statement publicly:
The policy has not changed. To clarify, the U.K. NARIC assessment of the CISSP does not change our existing certification marks usage policies, or relieve us of our responsibility to enforce a global, standard representation of how (ISC)2 credential holders share their accomplishments. The policy can be accessed here: https://www.isc2.org/Policies-Procedures/Copyright-Information
As an accredited certification body, we have an obligation to enforce our usage policies relating to how and when our certification marks are used by members. We are required to provide certification holders with a standard policy and prove that we enforce these standards as an ISO 17024 Accreditation Requirement. The U.K. NARIC assessment of the CISSP as being considered at an educational level the same as what is needed to achieve a master’s degree does not impact our existing certification usage policies, or relieve us of our responsibility to enforce a global, standard representation of how (ISC)2 credential holders share their accomplishments.
Sharing this FAQ document again so it is easy to find in this thread: https://blog.isc2.org/isc2_blog/2020/05/cissp-comparable-to-uk-masters-degree-standard.html
The CISSP took me little less than 90 minutes to complete to include coloring in the dots. My MBA took 2.5 years while fighting in various conflicts while in the service. No comparison for myself, whatsoever.
I do find Europe making the exam comparable to an MBA to be questionable at best. This is gonna come back to haunt us as practitioners.
- b/eads