What is the DoD CSSP (Cyber Security Service Provider)?

The DoD Cyber Security Service Provider (CSSP) is a certification issued by the United States Department of Defense (DoD) that indicates a candidate’s fitness for the DoD Information Assurance (IA) workforce. CSSP certifications are dependent on job role and require completing a third-party certification and DoD specific training and requirements. This guide will describe the various job-specific CSSP certifications, the requirements for achieving each version, and the third-party certifications that are accepted for each job role.

What are the CSSP Levels?

The DoD Cyber Security Service Professional levels are broken out by job role. The five possible roles for a holder of a DoD CSSP certification include:

  • Analyst
  • Infrastructure support
  • Incident responder
  • Auditor
  • Service provider manager

What are the DoD CSSP Requirements?

The majority of requirements for a certified DoD CSSP are the same across all job roles. However, the amount of recommended experience varies by job role, and the service provider manager is exempt from some of the requirements.


  1. Initial training: All CSSP job roles require initial training – in-class, distributed, blended, government and commercial provider options are all acceptable
  2. CSSP certification: All CSSP roles require earning a CSSP certification within six months
  3. OJT evaluation: The analyst, infrastructure support, incident responder and auditor job roles are required to complete on-the-job training evaluations
  4. CE certifications: The analyst, infrastructure support, incident responder and auditor job roles are required to complete a Computing Environment (CE) certification
  5. Maintaining certification status: All CSSP job roles are required to maintain their certification based on the requirements of their particular certification
  6. Continuing education: All CSSP job roles must fulfill their certification’s continuing education requirements
  7. Background investigation: Applicants may need to undergo a background investigation based upon their IA level (computer environment, network environment or enclave) and the requirements (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: