Who is affected by this directive?

Because both full-time and part-time military service members, contractors, and foreign employees with privileged access must obtain certification, this directive affects an estimated 100,000 personnel. In addition, certified personnel are required to maintain certification by completing a certain number of hours of continuing professional education each year. At the time of its conception, in 2004, the directive required a certain percentage of personnel to obtain the appropriate certification and be compliant. This percentage increased each year. Now, in 2011, all military personnel must be compliant.

What certifications are required?

Because of a recently-added clause to the Defense Federal Acquisition Regulation Supplement (DFARS) requiring businesses bidding on new DoD IT contracts to have compliant personnel, it is essential that companies understand the specific details and requirements of these certifications. While some certifications can be earned by passing a single exam, others require passing two exams or having other certifications, as well as past experience. The primary IA certifications with which both companies and personnel should be familiar include the following:

· CompTIA A+ – Users who attain the A+ certification are usually referred to as a helpdesk technician, computer support professional, or IT technician. In addition to having strong technical knowledge, these professionals have good customer service skills and a willingness to assist clients with their computer needs. This particular certification can be obtained by passing two exams: CompTIA A+ Essentials (220-701) and CompTIA A+ Practical Applications (220-702). For each exam, candidates have 90 minutes to complete 100 questions.

· CompTIA Security+ – An entry-level credential that demonstrates the candidate’s understanding of concepts relative to Information Security in the workplace, this certification paves the way for experienced professionals seeking careers as security architects, security engineers, security consultants, information assurance technicians, security administrators, systems administrators, or network administrators. In addition, CompTIA Security+ is an ideal certification for military personnel or military contractors at the U.S. Department of Defense. The CompTIA Security+ exam (SY0-301) is approximately 100 questions that candidates must answer within 90 minutes.

· CompTIA Network+ – The Network+ certification is considered by the IT industry as being foundational for all of IT networking. Individuals who attain this certification usually carry titles such as Network Administrator, Junior Network Engineer or Internet Technician. It is recommended that candidates for this certification have the CompTIA A+ certification (or equivalent knowledge), as well as 9-12 months of experience in IT networking. The certification can be obtained by passing exam N10-004. For this exam, candidates have 90 minutes to answer 100 questions.

· Certified Information Systems Security Professional (CISSP) – The CISSP is an advanced certification meant for IT professionals who want to achieve heightened mastery of information security. Earning the CISSP certification requires a candidate to pass a single exam and meet the exam vendor’s prerequisites. The two prerequisites for this exam are for the candidate to: “execute the candidate agreement, attesting to the truth of the candidate’s experience assertions and legally commit to adhering to the Code of Ethics”; and successfully “answer four questions regarding criminal history and related background.” Users who attain this exam commonly carry the titles of Security Auditor or Network Security Analyst.

· Systems Security Certified Practitioner (SSPC) – The SSCP certification is designed for IT professionals who want to achieve an international standard for practitioners of information security and understanding of a Common Body of Knowledge (CBK). The passing score for this form-based multiple choice exam is a scaled score of 700 points or greater. Currently, there are 125 questions that the candidate must answer in 3 hours.

· Security Certified Network Professional (SCNP) – This certification aims to give network administrators the additional hands-on skills needed to product their networks from security threats and vulnerabilities. The qualifying exam for this certification, SC0-471, contains 60 questions that candidates have 90 minutes to answer. A passing score is 75%.

· Certified Ethical Hacker (CEH) – The Certified Ethical Hacker certification indicates that skilled security professionals understand and know how to look for weaknesses and vulnerabilities in target systems, and use the same knowledge and skills as malicious hackers. CEH exam 312-50 (EC0-350 for non EC-Council prep course examinees) is the only exam required to earn the Certified Ethical Hacker certification. Currently, the exam consists of 150 multiple choice questions which examinees are given 4 hours to complete. The passing score is 70%.

Similarly, candidates should also be familiar with the following common OS certifications:

· MCITP: The Microsoft Certified IT Professional (MCITP) credential ensures that a technician’s abilities and skills are at the level required to perform a specific job role. As such, all MCITP certifications are built on the firm foundation of the technical proficiencies measured by the Microsoft Certified Technology Specialist (MCTS) certifications, which cover specific Microsoft technologies and tasks within those technologies. Essentially, in order to earn an MCITP accreditation, you must first prove mastery of the technologies used in that job role through MCTS credentials.

· MCTS: Microsoft Certified Technology Specialist (MCTS)credentials are single-test certifications that validate a technician’s expertise with an individual Microsoft technology or a single aspect of a Microsoft technology, in the case of Server 2008, SQL Servers 2005 and 2008 and a few other Microsoft technologies. Most Microsoft products have an associated MCTS.

· CCNA: The Cisco Certified Network Associate (CCNA) is an entry-level certification designed for network administrators and engineers. The qualifying exam can be taken in one of two forms. First, the CCNA can be taken in one, single exam – The CCNA Composite 640-802. Second, it can be taken as a two part exam designated Interconnecting Cisco Network Devices 1 and 2 (ICND1 and ICND2). A majority of the professional networking world considers the CCNA to be the de facto Network Engineering exam that qualifies a user to operate a small to medium business network. Furthermore, the CCNA opens doors for new exams, such as the CCNP (Cisco Certified Network Professional) and CCDP (Cisco Certified Design Professional) certifications. Overall, the CCNA has several subjects that it covers in detail, but the primary subjects of concern are Routing and Switching, including but not limited to the use of: IP, IGRP, Serial, Frame Relay, IP RIP, VLANs, RIP, Ethernet, and access lists. After attaining the CCNA, the exam is valid for three years before it must be recertified.

· Oracle DBA-OCA: The Oracle Database 10g: Administration I certification demonstrates conceptual understanding of the Oracle database architecture and how its components work and interact with one another. The DBA I OCA allows you to create operational databases and properly manage the various structures in an effective and efficient manner including performance monitoring, database security, user management, and backup/recovery techniques. With the 1Z0-043 Oracle Database 10g: Administration II exam, you will be able to conduct various methods of recovering the database by using RMAN, SQL, and Flashback technology. The OCP DBA II will also ensure your ability to utilize various extensive database technologies, such as Resource Manager, the Scheduler, and Automatic Storage Management (ASM).

Contact Teresa Pla, CTT’s “VA School Certifying Official”, today and she will assist you in the process.  Teresa may be reached at 813-341-0900 or by email at teresapla@cttschool.com.