list of ANSI-accredited IT certifications

ANSI/ISO/IEC 17024 Accredited Certifications

I got an e-mail last week from Microsoft indicating that “Microsoft Certified IT Professional: Windows Server 2008 Server Administrator and Microsoft Certified IT Professional: Windows Server 2008 Enterprise Administrator certifications are the first two Microsoft product-specific IT certifications to receive the ANSI accreditation” for personnel certifications. Having been dimly aware of this program for some time I decided to dig in and find out who else offers IT certifications that meet these international standards for certification program acceditation.

See ANSI Accreditation Services for more info on the overall program. To understand the benefits see “Why Seek Accreditation?“ A complete list of accredited organizations is available on the”List of accredited certification bodies” page on the ANSI Website.

Here’s a partial rendering of the ANSI Accreditation Directory that includes only IT-related credentials (a total of 29 organizations appear in that list, which means that IT related entries comprise just under 25% of the total present):

• ASIS International (information security certs: CPP, PSP, and PCI).
• CompTIA (A+, Network+, Security+)
• SANS GIAC (GSEC, GSLC)
• ISACA (CISM, CISA)
• ISC-squared (CAP, CISSP, ISSAP, ISSEP, ISSMP, SSCP)
• Microsoft (MCITP: Enterprise Admin, MCITP: Server Admin)
• PMI (PMP)

While this isn’t exactly a “who’s who” of IT certification organizations, it isn’t exactly chopped liver, either. Cisco’s missing, but with Microsoft and CompTIA both now present, two of the three biggest overall programs are represented. I’m also fascinated by the heavy presence of information security programs in this line-up, including the entry-level CompTIA Security+, ASIS, GIAC, ISACA, and ISC-squared.

Somehow, this also makes Microsoft’s disclosure that it plans to seek ANSI accreditation next for its “Microsoft Certified Systems Administrator: Security Specialization” credential — despite its age and possible decrepitude — a lot easier to understand. I’m guessing there must be a requirement for ANSI/ISO/IEC accreditation for infosec certifications somewhere, in some government’s or other official body’s canon of requirements for infosec practitioners. And sure enough under US Government Recognition the Department of Defense appears under the heady “government agencies…closely associated with ANSI accreditation.” Obviously, information security plays into this association in some form or fashion.

I’ll report further on this phenomenon as I learn more. This is enough information to be intriquing, but not yet enough to be satisfying, so I’ll keep digging. Stay tuned.