Third-party products and services, including course instructors have helped many candidates to close knowledge and skill gaps. Lunarline does not endorse any particular provider and encourages candidates to use a variety of tools and resources that will enhance their understanding of relevant principles and the exam’s concentration area.
- NIST SP 800-66 Rev. 1 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
- 45 CFR Parts 160, 162, and 164: HIPAA Administrative Simplification Regulation Text (as amended through March 26, 2013)
- U.S. Department of Health and Human Services guidance U.S. Department of Health and Human Services covered entity and business associate guidance (see enhancement)
- U.S. Department of Health and Human Services Guidance
Candidates must possess at least 3 years of experience in healthcare specific security assessments in order to obtain the expert level credential. The associate level credential will be awarded to those who pass the exam, but do not have the required experience. The credential can be elevated to expert level upon attaining the required experience. Simply email [email protected] to start the experience verification process.
Mapping to the NICE Framework
NICE Work Role Name:
Security Control Assessor
NICE Framework Category
CCE® Concentration Area:
Securely Provision (SP)
NICE Specialty Area:
Risk Management (RSK)
NICE Work Role ID:
OPM Code | DCWF Code:
NICE Work Role Description:
Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
Lunarline Training Courses:
Continuing Education: The Lunarline SCS Training Program and other third-party vendors offer activities, products and services across the country that qualify as Professional Development Credits (PDCs) that target the same NICE category, specialty area, work role, and/or authoritative sources as our certifications. We encourage candidates to use a variety of tools and resources that will enhance their understanding of relevant principles and reflect their learning styles and needs.
- Common Controls Provider (SP062-WBT)
- Information Security and Information Technology Auditing (OV131)
- Information Security Risk Assessments (SP130)
- IT Program Auditor (OV208-RBT)
- Risk Management Framework (RMF) for DoD Security Controls Assessors (SCA) (SP201)
- Risk Management Framework (RMF) for DoD Security Controls Assessors (SCA) - SP (SP201-SP)
- Risk Management Framework (RMF) for Federal Systems Security Controls Assessor (SCA) (SP202)
- RMF Rev5 Process Change - WBT (SP001-WBT)
- Security Control Assessor (SP201-RBT)
- System Compliance Assessment Methodology for NIST 800-53 App J (SP068-WBT)