CPEs for CISSP and CSSLP

ericst

I have passed the CISSP exam and going through the endorsement process. Once this is taken care, I am thinking about taking the CSSLP exam. Do I have to earn separate set of CPEs for maintaining both these certs? Will earning the 120 CPEs needed for CISSP satisfy the 90 CPEs needed for CSSLP?

Thanks,
Eric

JDMurray

Congratulations on passing the CISSP exam!

You must collect separate CPEs for each (ISC)2 cert you pick up. This includes Associate of the (ISC)2 designations too. When you enter your CPEs on the www.isc2.org Web site, you will choose from a drop-down list which cert to apply each CPE to.

The good new is that your can double-up your CPEs across all certification vendors. For example, you pick up 8 CPEs for attending a one-day security workshop, you can apply those 8 to a single (ISC)2 cert, AND to your CompTIA Security+ cert (received after 12/31/2010), and one of your EC-Council certs, such as the C|EH.

ericst

Thanks for the information JD.
My main focus is Web App Security which is why I was thinking about getting the CSSLP. Do you know of any other certification that focuses of app security where I can also double-up the CPEs?

JDMurray

I don't know of any software cert vendors that require CPEs. This requirement is usually due to the need to be compliant with ISO 17024, and not a lot of cert vendors care about that (yet).

The CSSLP is specifically for certifying knowledge of the Secure Software Development Life Cycle (SSDLC). It isn't specific to the security of a software-based technology, such as Web applications. You should looks at the Microsoft and Oracle Java certs for specializations. OWASP is suppose to (eventually) release a Web technology security certification, which is what you really want, but there's no release date yet.