To attain the Master Security Specialization, partners must achieve the Advanced Security Specialization and meet stringent requirements to demonstrate master-level capabilities and customer success.

Requirements for Master Security Specialization cover these focus areas:

1. Sales capability
2. Technical capability

The validation process to grant partners a Master Security Specialization is comprised of two steps. In the first step the partner applies for the Master Security Specialization and uploads various credentials and documents to Cisco via a web-based tool for validation. Once the partner meets the initial qualifications by submitting all of the remote credentials Cisco will schedule an onsite audit to verify the remainder of the partner's qualifications. This second step is the onsite audit in which additional requirements are validated at the partner location by a third party auditor and Cisco.

These are minimum requirements for Master Security Specialization. Exceeding these requirements is optional and provides another way for Master Security Specialized partners to differentiate themselves.

Only electronic applications are accepted. The application is available via: http://www.cisco.com/go/csapp

Master Security Specialization
Step 1: Pre-Audit Validation These requirements will be validated remotely before the onsite audit is scheduled
Requirement	Evidence
Advanced Security Specialization	Cisco Internal System Validation
Customer References: documentation to validate 3 Vulnerability Assessments based on specific qualifying criteria (see Vulnerability Assessment Checklist)	Project Overview/Executive Summary Vulnerability Assessment template alignment Customer acceptance document Partner uploads these documents into CSApp after verification by Cisco System Engineer
CCIE Security ***	Assign individual in CSApp
One of the following**: CISM (ISACA) GSNA (GIAC) GCIH (GIAC) CISA (ISACA) GCSC (GIAC) GSLC (GIAC) GCIA (GIAC) GCFA (GIAC) GSEC (GIAC) GCFW (GIAC)	Partner uploads certification in CSApp ***
One Project Management Certification: PMI (PMP) or Prince 2 ***	Partner Uploads Certificate into CSApp
Customer References: Documentation to validate 5 sophisticated deployments based on specific qualifying security criteria (see Customer Reference Checklist)	Customer Reference Account Checklist Customer acceptance document Partner uploads these documents into CSApp after verification by Cisco System Engineer

** CISM = Certified Information Security Manager and is offered by the Information Systems Audit and Control Association (ISACA). More info may be found on the ISACA CISM Certification Website.
GSNA = GIAC Systems and Network Auditor (GIAC = Global Information Assurance Certification)
GCIH = GIAC Certified Incident Handler
CISA = Certified Information Systems Auditor (ISACA)
GCSC = GIAC Certified Security Consultant (GIAC)
GSLC = GIAC Security Leadership Certification (GIAC)
GCIA = GIAC Certified Intrusion Analyst (GIAC)
GCFA = GIAC Certified Forensics Analyst (GIAC)
GSEC = GIAC Security Essentials Certification (GIAC)
GCFW = GIAC Certified Firewall Analyst (GIAC)
These are offered by the SysAdmin, Audit, Network, Security Institute (SANS) and more info may be found GIAC Certification Roadmap.
All these industry certifications are globally available, relevant to the business Cisco security partners are in, and indicative of superior technical skills.

*** This requirement may be met by any member of the partner's practice team for the given technology. For example, the person who serves in the FE role for the advanced technology specialization may also be the person who holds the specific technology CCIE for the master specialization. The individual holding the CCIE for the master specialization must be a verifiable member of the partner's technology practice.

Master Security Specialization
Step 2: Onsite Audit Verification These requirements will be validated during the onsite audit
Requirement	Evidence
Demo: Cisco requires evidence to verify the partner's ability to perform a sophisticated demo based on a simulated scenario	Refer to demo checklist for specific minimum demo criteria. Demos may be performed using any lab equipment, including a remote lab or a leased lab. Demos may not be performed at Cisco facilities
Cisco Lifecycle Services Operate Phase Audit: Based on the Operate Phase of the Cisco Lifecycle Services framework, including capabilities related to processes, tools and metrics for the following practice areas: Service Offerings Incident Management Problem Management Configuration Management Change and Release Management Onsite Troubleshooting Service Level Management (see Operate Phase Checklist) Note: The Service Support and Service Delivery Master Specialization audit requirements are based on the Operate Phase of Cisco’s Lifecycle Services process. Both cover a service and support framework including capabilities related to processes, tools, and metrics. The Service Support and Service Delivery structure maps to industry-recognized terminology.	Partner must provide evidence of delivering services in these practice areas. Exception: Current certification to ISO 20000-1 (or BS 15000-1) and achievement of MTTN, MTTR and Onsite Troubleshooting Response Metrics.
Organizational structure to support customer-focused solution sales and service	Partner must provide evidence of organizational charts, job descriptions, training plans and training records.

Multiple Cisco Master Specialization Requirements

A multiple Master Specialization requirements policy has been established for partners wishing to pursue more than one master specialization. Given that some of the requirements are redundant on some level for multiple master specializations, the Multiple Cisco Master Specialization requirements policy is available.

Multiple Master Specialization Requirements (PDF - 91 KB)

Note: If a partner does not remain in compliance with the applicable specialization or certification requirements, Cisco reserves the right to revoke the specialization or certification. Partners must notify Cisco of its non-compliance promptly, but in no event more than thirty (30) days after partner first becomes aware of its non-compliance. Upon receipt of such notice, partner may qualify for an extension of time in which to renew its compliance with the applicable specialization or certification requirements. Partner's failure to provide such notice may disqualify partner from receiving such an extension. If no extension is granted or if partner fails to comply with the certification or specialization requirements by the end of the extension period, Cisco reserves the right to revoke the applicable specialization or certification immediately. Additional information regarding non-compliance may be found in the Audit and Policies Document.