Security Certification: GICSP

Security Certification:

Global Industrial Cyber Security Professional (GICSP)


GICSP now approved under DoDD 8570 guidelines.

GICSP: Certifying ICS Security Essentials for Engineering, Operating Technology and Cyber

The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement. This unique vendor-neutral, practitioner focused industrial control system certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organizations that design, deploy, operate and/or maintain industrial automation and control system infrastructure. GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.

GIAC Global Industrial Cyber Security Professional (GICSP) certification now meets the requirements of the DoD Manual 8570.01 "Information Assurance Workforce Improvement Program" and is approved for the Department of Defense (DoD) Computer Network Defense Analyst (CND-A), Computer Network Defense Infrastructure Support (CND-IS) and Information Assurance Technical Level II (IAT Level II) workforce categories.

The approval of GICSP for DoDD 8570 effects any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series, requiring an approved certification for their particular job classification.


This certification will be leveraged across industries to ensure a minimum set of knowledge and capabilities that IT, Engineer, and Security professionals should know if they are in a role that could impact the cyber security of an ICS environment.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS


  • 1 proctored exam
  • 115 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 71%

Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GICSP exam has been determined to be 71% for all candidates receiving access to their certification attempts on or after November 19th, 2018. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at


Certifications must be renewed every 4 years.


NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam GIAC exams are delivered online through a standard web browser.


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Hardening ICS Operating Systems
The candidate will be able to describe how to implement endpoint security software along with hardening and patching, to secure the Windows and Unix style operating systems commonly found in an ICS environment.
ICS Communications and Compromises
The candidate will be able to describe the basic structures, protocols, and defense of communications within an ICS and summarize how they can be compromised. The candidate will also be able to, at a basic level, describe the cryptography used to protect communications.
ICS Intelligence Gathering
The candidate will be able to determine the threat landscape of an ICS through the investigation of information leakage points and logs, and honeypots, when appropriate.
ICS Level 0 and 1 Technology Overview and Compromise
The candidate will be able to describe level 0 and level 1 devices and technologies and summarize how those devices and technologies are targeted and attacked.
ICS Level 2 and 3 Technology Overview and Compromise
The candidate will be able to describe level 2 and level 3 devices and technologies and summarize how those devices and technologies are targeted and attacked.
ICS Overview and Concepts
The candidate will be able to summarize the function of high-level assets that comprise Purdue model levels zero through three. The candidate will be able to compare and contrast DCS systems with SCADA systems.
ICS Procurement, Architecture, and Design Fundamentals
The candidate will be able to compare and contrast ICS architectures with traditional IT architectures. The candidate will demonstrate understanding of how procurement and physical security can compliment a secure and defendable ICS network architecture. The candidate will be able to summarize the use of levels and zones in defining a secure ICS architecture as well as the devices deployed at each level and zone.
ICS Program and Policy Development
The candidate will be able to summarize the steps and best practices used in building a security program and creating enforceable security policies for an ICS.
ICS Wireless Technologies and Compromises
The candidate will be able to summarize the different wireless communication technologies used in an ICS, how they are targeted, and how they can be defended.
Risk Based Disaster Recovery and Incident Response
The candidate will be able to describe how risk is measured and how it can be used to inform disaster recovery and incident response.

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at