On April 11, 2014, Madeline Weeks, TalaTek’s Junior Information Assurance Consultant, passed the “Federal Information Technology Security Professional: Auditor (FITSP-A)” certification exam from the Federal Information Technology Security Institute (FITSI). The FITSP certifying exam is a role-based exam ranging from Auditor, Operator, Designer and Manager. It is consistent with NIST SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model.
According to the FITSI Web site, “[The FITSP-A] is the intersection of IT security skills, the NIST framework, and an independent third party certification validation of candidates to help increase the knowledge pool of federal workers and contractors. The FITSP certification helps protect the nation’s critical infrastructure and by default the information that its citizens expect to have protected.”
With a focus on validating a candidate’s knowledge of federal standards and the NIST Risk Management Framework (RMF), the FITSP-A exam tests candidates’ competence to review and audit federal IT systems, “… [a role which] deals with high-level, cost-effective, risk-based IT security audit functions that assure program value is achieved within the ever-changing risk and evolving threat environments.”
Ms. Weeks’ passing the FITSP-A exam was the culmination of a three-day FITSP-A training program led by Tyler Harding of Kearney & Company, based in Alexandria, Virginia, which covered the Federal Information Security Management Act (FISMA 2002), NIST RMF, Gap Analyses, Information Security Continuous Monitoring (ISCM), among other related topics.
As an Associate Member of FITSI, Ms. Weeks looks forward to continuing her participation with the organization, including the “Understanding Information Security Continuous Monitoring” Webinar on April 29, 2014 which will be led byMs. Kelley Dempsey, primary author of NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
