A Managed Security Service Provider or MSSP facilitates managed security services for the end user.
CSM (Continuous Service Management) Software Assurance Certification Exam will become mandatory for most organizations that provide managed security services and employs MSSP/MSDS for a service environment. Currently, MSSP only certifies Microsoft Security Compliance Manager (SCCM) software, but SCCM will soon become an option for management of Microsoft and third-party security products.
The CSE Annual Security Assessment (ASA) for MSSP/MSDS will be made up of multiple performance-based assessments that focus on how well these services are being managed, how well customers’ security is enforced and how well the security controls in place are meeting customer expectations, and there are also services that help in the use of MSSP from sites such as https://www.fortinet.com/solutions/service-provider/communications-service-provider/mssp.
Microsoft Security Compliance Manager (SCCM) is an anti-malware application, allowing security professionals to detect, prevent, and remediate threats. Microsoft SCCM was made available to ISVs and organizations through the MSDN Online publication and provides protection and performance measurement capabilities for millions of end users worldwide. It is also used as the underlying platform for numerous enterprise application security controls, including endpoint, service, database, firewall, VPN, access control, and application-specific controls.
These controls are developed as ISVs and organizations deploy new versions of applications, updating the original baseline technology with enhancements and bug fixes to make them more secure.
Microsoft SCCM will be released in the summer of 2013, adding performance and availability to the full suite of security tools.
Although the CSE ASA is primarily designed for the security professional, it can be used by a control provider to automate the deployment and evaluation of anti-malware products. The first CISSP exam for SCCM will be an open assessment in the spring of 2013, which will allow ISVs and control providers to develop and release solutions using SCCM.
By applying for certification, ISVs and control providers will also be able to verify that their systems meet their management and performance requirements, and provide management and performance data to improve the effectiveness of their security controls.
The CSE ASA Exam requirements:
The CSE ASA test is 6 hours and 55 minutes long and consists of multiple choice, multiple response, and open book exams.
It is important to note that the Microsoft Security Compliance Manager (SCCM) requires two exams. The exam must include both the basic and advanced security controls assessments for MSSP and SCCM. For CISSP exams, the exam must include both CISSP 6.0 and the “interactive” SCCM exam. Finally, for ISV-only exams, the exam must include the ISV exam, in addition to the CISSP or ISV exam.
The CSE ASA exam is dedicated to the CSE CISSP/CISM credential.
If your business organization is interested in the ISV (Independent Security Voucher) exam, and you do not yet have your SCCM credentials, the most recommended way to take the CISSP/CISM credential is to take the ISV-only exam to ensure that you have the ISV credential.
Remember that the CSE ASA exam is devoted to both security professionals and CISSP (CISSP 6.0) exam candidates, while the CISSP exam is dedicated to CISSP 6.0 candidates only.