FAQ About the New CCNP Security Certifications

Cisco recently announced a new Network Security certification program: Cisco Certified Network Professional Security (CCNP Security). This new certification program is for Cisco Network Security Engineers who are responsible for testing, deploying, configuring, and troubleshooting the core technologies that make up a Cisco secure network. The new CCNP Security curriculum assesses an engineer’s competency in using network-critical technologies and products, such as Cisco IOS security features in Cisco routers and switches, firewalls, VPNs, and intrusion prevention and detection systems.

Q    What exams do I take for the new CCNP Security certification?
A    Table 1 below lists the new exams that you will need to take.

Exam Number    Exam Name

642-637             Securing Networks with Cisco Routers and Switches (SECURE)

642-627             Implementing Cisco Intrusion Prevention System (IPS)

642-617             Deploying Cisco ASA Firewall Solutions (FIREWALL)

642-647             Deploying Cisco ASA VPN Solutions (VPN)

Table 1. New exams for the CCNP Security program

Q    Are there any electives for the CCNP Security program?
A    No. However, certain legacy exams can be used towards earning the CCNP Security certification (see table 3).

Q    If I am already working on my Cisco CCSP certification, can I apply my completed CCSP exams towards the CCNP Security program in order to achieve both certifications?
A Yes, the path shown in table 2 can be applied for both the CCNP Security and CCSP programs. The path includes the ability to apply existing CCSP exams toward CCNP Security certification. The CCSP program will not issue new certifications after October 14, 2011, however. If you attain a CCSP certification prior to that date, you can hold both certifications. Not every CCSP exam can used for CCNP Security certification, so please check the list of qualifying exams in table 3 below.

Choose One Exam From Each Box

Migration path for CCSP

to CCNP Security

SNRS* or SECURE
IPSv6 or IPSv7

FIREWALL or SNAF*

or SNPA

VPN or SNAA*

Note: * These CCSP exams expire in April 2011.

Table 2. Valid path for the CCNP Security program, from November 10, 2010, to October 14, 2011

Exam Number     Exam Name

642-502              Securing Networks with Cisco Routers and Switches (SNRS)

642-503              Securing Networks with Cisco Routers and Switches (SNRS)

642-504              Securing Networks with Cisco Routers and Switches (SNRS)

642-515              Securing Networks with ASA Advanced (SNAA)

642-522              Securing Networks with PIX and ASA (SNPA)

642-523              Securing Networks with PIX and ASA (SNPA)

642-524              Securing Networks with ASA Foundation (SNAF)

642-532              Implementing Cisco Intrusion Prevention System (IPS)

642-533              Implementing Cisco Intrusion Prevention System (IPS)

Table 3. CCSP legacy exams that are valid for the CCNP Security program

Q    How does the introduction of the CCNP Security program affect my CCSP certification? Will my CCSP recognition by Cisco expire soon? Is it worth it to achieve CCSP certification?
  The CCSP certification will be recognized as a valid Network Security certification until it is retired. All CCSP professionals can recertify per the normal CCSP recertification process (see the recertification policy below). No new CCSP certifications will be issued after October 2011.

Recertification Policy for the CCSP and CCNP Security Programs
Three years before the certification expiration date:
●    Pass any current 642-XXX professional-level exam
OR
●    Pass any current CCIE written exam
OR
●    Pass any current CCIE lab exam
OR
●    Pass the current CCDE written exam
OR
●    Pass the current CCDE practical exam
OR
●    Pass the Architect interview and the Architect board review
Q    How do I achieve the CCNP Security certification if I already have the CCSP certification? 
A    You can apply a passing score from any of the qualifying CCSP exams (see table 3) towards credit for the CCNP Security program. If you already meet the minimum requirements, you will automatically receive a CCNP Security certification and you will be notified of your status as a CCNP Security Professional.

Q    Can I use a passing score on a new CCNP Security exam to recertify myself as a CCSP Professional?
  Yes , the CCNP Security exams are professional-level exams and can be used to recertify for the CCSP recognition.

Q    As a CCSP professional, can I pass a single CCNP Security exam and obtain the CCNP Security certification?
A    This depends on whether you have passed the necessary qualifying CCSP exams. Not all CCSP exams qualify for the CCNP Security program. You should check the list in table 3 to make sure that you have already passed the necessary CCSP exams to qualify for CCNP Security certification.

Q    Are the recertification policies for the CCSP and CCNP Security programs the same?
A    Yes, both use the same recertification policy (see the recertification policy above).

Q    I achieved CCSP recognition years ago and have been recertifying every three years. Do I automatically receive the CCNP Security certification?
A    It depends on the exams you used to qualify for the CCSP certification. Some exams from the CCSP program qualify for the CCNP Security program, but some exams do not (see table 3). If you have not passed the minimum qualifying exams, you will not automatically receive the new CCNP Security certification.

Q    I noticed CANAC, MARS, CSVPN, SND, and HIPS are not on the list of qualified exams for the CCNP Security program. However, I used them for the CCSP certification. Why aren’t they valid anymore?
A    While those exams are valid in the Network Security Program and are relevant for a Cisco Certified Security Professional, they do not measure the competencies needed for Cisco Network Security Engineers. Therefore, they are not on the qualifying list for the CCNP Security program.

Q    The SNAA course is an elective that qualifies for both the CCSP and CCNP Security programs. Because I achieved my CCSP certification using the SNAA course as an elective, do I qualify for the new CCNP Security certification?
  It depends on the other exams in your CCSP portfolio; some may be nonqualifying or outdated, such as the CSVPN or CSI exams.

Q    Why does Cisco have two professional-level security programs?
A    The field of network security has grown and expanded to include many new job roles, products, threats, and compliancy mandates. Therefore, the Cisco Network Security Certification Portfolio needed to evolve with the market by establishing certifications for specialized job roles in network security. The CCSP program covers many products and job roles, but the CCNP Security program is specialized for Cisco Network Security Engineers who have certain responsibilities, including testing, deploying, and troubleshooting specific products and technologies.

Q What prerequisite is required to obtain a CCNP Security certification?

A Candidates must possess ONE of the following as a prerequisite:

Valid CCNA Security certification, or

Valid CCSP certification, or

Valid CCNA certification plus SND exam pass