Global Certifications
NCIIPC-QCI Conformity Assessment Framework for Cybersecurity of CSEs
The implementation, operation and management of cyber security in CSEs need to be assessed by independent accredited Certification Bodies (CBs) and Inspection Bodies (IBs) for compliance with the standards prescribed for the sectors. Further, the CSEs require competent cyber security professionals, who are assessed and certified by independent accredited Personnel Certification Bodies (PrCBs). The CSEs also require competent consultancy organisations (COs) and training bodies (TBs), whose expertise and competence are assessed and certified by independent Accreditation Bodies (ABs).
NCIIPC and Quality Council of India (QCI) have formulated and designed a comprehensive Scheme for “Conformity Assessment Framework for Cybersecurity of Critical Sector Entities”. The objective of the Scheme is to establish robust cybersecurity accreditation, certification and inspection processes for:
- critical sector entities (CSEs)
- cybersecurity professionals
- consulting organisations (COs)
- training bodies (TBs)
The Scheme incorporates the international framework for accreditation of conformity assessment bodies, viz. CBs, IBs and PrCBs, which is the most appropriate mechanism to ensure quality, integrity, consistency and standardisation.
The CAF for cyber security of CSEs comprises the following Schemes:
- Certification Scheme for Cyber Security Management System (CSMS) at Levels 1, 2 and 3.
- Inspection Scheme for Information Technology and Industrial Control Systems (IT/ICS).
- Personnel Certification Scheme for Cyber Security Professionals.
- Accreditation Scheme for IT/ICS Consultancy Organisations (COs).
- Accreditation Scheme for IT/ICS Training Bodies (TBs).
Details of the Scheme are available on NCIIPC and QCI websites.
The outcomes delivered by the Schemes are as under:
Pool of accredited CBs & IBs: The Government, Regulators, NCIIPC, CSEs and other organisations will have a pool of accredited CBs and IBs for carrying out conformity assessment and/or inspection of an organisation’s information infrastructure and information security/cybersecurity management system (ISMS/CSMS).
Pool of accredited PrCBs and certified Cyber Security Professionals: All organisations will have an indigenous pool of certified cybersecurity professionals, who are assessed and certified by accredited PrCBs for their competence (knowledge, skills, expertise) to implement and ensure IT and OT cyber resilience. The competency certification of cybersecurity professionals is closely aligned with the workforce competency described here.
Pool of accredited COs and TBs: All organisations will have an indigenous pool of accredited COs and TBs with independently certified expertise and competence, to provide them with cybersecurity consultancy services and train their workforce. The COs and TBs themselves will leverage the established pool of CSPs for delivering their services.
The Scheme as a whole is adapted to the cybersecurity requirements of CSEs and other organisations of the Indian ecosystem. It is expected to contribute to building national capacity in the cybersecurity domain.
Global Certifications
An illustrative list of cybersecurity certifications offered by global certifying bodies has been compiled from publicly available information and is given below. It also gives a generic mapping of the certifications to the domains defined here. The list has not been vetted for correctness and completeness. Suggestions for improvements and rectification of errors are welcome.
| No. | Issuing Body | Certification | Description | Indicative Domain(s) |
|---|---|---|---|---|
| 1 | ISACA | CISA | Certified Information Security Auditor | Governance, Risk and Compliance |
| 2 | ISACA | CRISC | Certified in Risk and Information Systems Control | Governance, Risk and Compliance |
| 3 | ISACA | CISM | Certified Information Security Manager | Cyber Defence |
| 4 | ISACA | CGEIT | Certified in the Governance of Enterprise IT | Governance, Risk and Compliance |
| 5 | ISACA | CSX–P | Cybersecurity Practitioner Certification | Cyber Defence |
| 6 | ISACA | CDPSE | Certified Data Privacy Solutions Engineer | Applications & Data Security Administration |
| 7 | ISACA | ITCA | Information Technology Certified Associate | Cyber Defence |
| 8 | ISACA | CET | Certified in Emerging Technology Certification | Technology & System Security Architecture |
| 9 | ISACA | COBIT Foundation | COBIT Foundation Certificates | Governance, Risk and Compliance |
| 10 | ISACA | COBIT Design | COBIT Design and Implementation | Governance, Risk and Compliance |
| 11 | ISACA | COBIT and NIST | Implementing the NIST Cybersecurity Framework Using COBIT 2019 | Governance, Risk and Compliance |
| 12 | ISACA | IT RISK | IT Risk Fundamentals Certificate | Governance, Risk and Compliance |
| 13 | ISACA | CCAK | Certificate in Cloud Auditing Knowledge | Governance, Risk and Compliance |
| 14 | ISACA | CSX NEXUS | CSX Nexus Cybersecurity Certificates | Governance, Risk and Compliance |
| 15 | ISACA | CYBERSECURITY AUDIT | Cybersecurity Audit Certificate Program | Governance, Risk and Compliance |
| 16 | ISACA | COMPUTING | Computing Fundamentals Certificate | Security Support Services |
| 17 | ISACA | NETWORKS AND INFRA | Networks and Infrastructure Fundamentals Certificate | Network & Systems Security Administration |
| 18 | ISACA | CYBERSECURITY | Cybersecurity Fundamentals Certificate | Security Support Services |
| 19 | ISACA | S/W DEVELOPMENT | Software Development Fundamentals Certificate | Secure Software Development |
| 20 | ISACA | CLOUD | Cloud Fundamentals Certificate | Technology & System Security Architecture |
| 21 | ISACA | BLOCKCHAIN | Blockchain Fundamentals Certificate | Technology & System Security Architecture |
| 22 | ISACA | IOT | IoT Fundamentals Certificate | ICS Cybersecurity |
| 23 | ISACA | AI | Artificial Intelligence Fundamentals Certificate | Technology & System Security Architecture |
| 24 | ISC2 | CISSP | Certified Information Systems Security Professional | Cyber Defence |
| 25 | ISC2 | SSCP | System Security Certified Practitioner | System Security Administration |
| 26 | ISC2 | CCSP | Certified Cloud Security Professional | System Security Administration |
| 27 | ISC2 | CAP | Certified Authorisation Professional | Governance, Risk and Compliance |
| 28 | ISC2 | CSSLP | Certified Secure Software Lifecycle Professional | Secure Software Development |
| 29 | ISC2 | HCISSP | Healthcare Information Systems Security Professional | Cyber Defence |
| 30 | ISC2 | CISSP ISAP | Information System Security Engineering Professional | Technology & System Security Architecture |
| 31 | ISC2 | CISSP ISEP | Information System Security Management Professional | System Security Administration |
| 32 | ISC2 | CISSP ISMP | Information System Security Architecture Professional | Technology and System Security Architecture |
| 33 | GIAC | GSEC | GIAC Security Essentials (GSEC) | Cyber Defence |
| 34 | GIAC | GCIA | GIAC Certified Intrusion Analyst (GCIA) | Cyber Defence |
| 35 | GIAC | GMON | GIAC Continuous Monitoring Certification (GMON) | Cyber Defence |
| 36 | GIAC | GCPM | GIAC Certified Project Manager (GCPM) | Cybersecurity Training & Awareness |
| 37 | GIAC | GPEN | GIAC Penetration Tester (GPEN) | Cyber Defence |
| 38 | GIAC | GSOM | GIAC Security Operations Manager (GSOM) | Security Operations |
| 39 | GIAC | GOSI | GIAC Open Source Intelligence (GOSI) | Cyber Vulnerability, Threat and Risk Management |
| 40 | GIAC | GNFA | GIAC Network Forensic Analyst (GNFA) | Cyber Defence |
| 41 | GIAC | GXPN | GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) | Cyber Defence |
| 42 | GIAC | GWAPT | GIAC Web Application Penetration Tester (GWAPT) | Cyber Defence |
| 43 | GIAC | GREM | GIAC Reverse Engineering Malware (GREM) | Cyber Defence |
| 44 | GIAC | GCIH | GIAC Certified Incident Handler (GCIH) | Cyber Vulnerability, Threat and Risk Management |
| 45 | GIAC | GCCC | GIAC Critical Controls Certification (GCCC) | Cyber Vulnerability, Threat and Risk Management |
| 46 | GIAC | GCFA | GIAC Certified Forensic Analyst (GCFA) | Cyber Forensics and Investigation |
| 47 | GIAC | GCFE | GIAC Certified Forensic Examiner (GCFE) | Cyber Forensics and Investigation |
| 48 | GIAC | GSTRT | GIAC Strategic Planning, Policy, and Leadership (GSTRT) | Governance, Risk and Compliance |
| 49 | GIAC | GISP | GIAC Information Security Professional (GISP) | |
| 50 | GIAC | GLEG | GIAC Law of Data Security & Investigations (GLEG) | Governance, Risk and Compliance |
| 51 | GIAC | GWEB | GIAC Certified Web Application Defender (GWEB) | Applications and Data Security Administration |
| 52 | GIAC | GSOC | GIAC Security Operations Certified (GSOC) | Security Operations |
| 53 | GIAC | GSNA | GIAC Systems and Network Auditor (GSNA) | System Security Administration, Network Security Administration |
| 54 | GIAC | GSLC | GIAC Security Leadership (GSLC) | Governance, Risk & Compliance |
| 55 | GIAC | GRID | GIAC Response and Industrial Defence (GRID) | Cyber Vulnerability, Threat and Risk Management |
| 56 | GIAC | GPYC | GIAC Python Coder (GPYC) | Multiple domains |
| 57 | GIAC | GPCS | GIAC Public Cloud Security (GPCS) | System Security Administration |
| 58 | GIAC | GMOB | GIAC Mobile Device Security Analyst (GMOB) | System Security Administration |
| 59 | GIAC | GISF | GIAC Information Security Fundamentals (GISF) | Cyber Defence |
| 60 | GIAC | GICSP | Global Industrial CSP (GICSP) | Cyber Vulnerability, Threat and Risk Management |
| 61 | GIAC | GFACT | GIAC Foundational Cybersecurity Technologies (GFACT) | Cyber Vulnerability, Threat and Risk Management |
| 62 | GIAC | GEVA | GIAC Enterprise Vulnerability Assessor (GEVA) | Cyber Defence |
| 63 | GIAC | GDSA | GIAC Defensible Security Architecture (GDSA) | Cyber Defence |
| 64 | GIAC | GDAT | GIAC Defending Advanced Threats (GDAT) | Cyber Defence |
| 65 | GIAC | GCWN | GIAC Certified Windows Security Administrator (GCWN) | System Security Administration |
| 66 | GIAC | GCTI | GIAC Cyber Threat Intelligence (GCTI) | Cyber Vulnerability, Threat and Risk Management |
| 67 | GIAC | GCSA | GIAC Cloud Security Automation (GCSA) | Cyber Vulnerability, Threat and Risk Management |
| 68 | GIAC | GCPN | GIAC Cloud Penetration Tester (GCPN) | Cyber Defence |
| 69 | GIAC | GCLD | GIAC Cloud Security Essentials (GCLD) | Cyber Vulnerability, Threat and Risk Management |
| 70 | GIAC | GCIP | GIAC Critical Infrastructure Protection (GCIP) | Cyber Defence |
| 71 | GIAC | GCED | GIAC Certified Enterprise Defender (GCED) | Cyber Vulnerability, Threat and Risk Management |
| 72 | GIAC | GCDA | GIAC Certified Detection Analyst (GCDA) | Cyber Forensics and Investigation |
| 73 | GIAC | GAWN | GIAC Assessing and Auditing Wireless Networks (GAWN) | Governance, Risk & Compliance |
| 74 | GIAC | GBFA | GIAC Battlefield Forensics and Acquisition (GBFA) | Cyber Forensics and Investigation |
| 75 | GIAC | GASF | GIAC Advanced Smartphone Forensics (GASF) | Cyber Forensics and Investigation |
| 76 | GIAC | GIME | GIAC iOS and MacOS Examiner (GIME) | Cyber Forensics and Investigation |
| 77 | CompTIA | N/A | CompTIA IT Fundamentals | Cyber Defence |
| 78 | CompTIA | N/A | CompTIA A+ | Cyber Defence |
| 79 | CompTIA | N/A | CompTIA Network+ | Network Security Administration |
| 80 | CompTIA | N/A | CompTIA Security+ | System Security Administration |
| 81 | CompTIA | N/A | CompTIA Cloud+ | System Security Administration |
| 82 | CompTIA | N/A | CompTIA Linux+ | System Security Administration |
| 83 | CompTIA | N/A | CompTIA Server+ | System Security Administration |
| 84 | CompTIA | N/A | CompTIA CySA+ | Cyber Vulnerability, Threat and Risk Management |
| 85 | CompTIA | N/A | CompTIA CASP+ | Cyber Vulnerability, Threat and Risk Management |
| 86 | CompTIA | N/A | CompTIA Pen Test+ | Cyber Defence |
| 87 | CompTIA | N/A | CompTIA Data+ | Cyber Defence |
| 88 | CompTIA | N/A | CompTIA Project+ | Cyber Defence |
| 89 | CompTIA | N/A | CompTIA CTT+ | Cyber Defence |
| 90 | CompTIA | N/A | CompTIA Cloud Essentials+ | Cyber Defence |
| 91 | Accredited Bodies | N/A | Business Continuity Professional Certification | Cyber Defence |
| 92 | Accredited Bodies | N/A | Lead Auditor in ISO 27001 | Governance, Risk & Compliance |
| 93 | Accredited Bodies | N/A | Lead Implementor in ISO 27001 | Governance, Risk & Compliance |