National Credential
Credential: Certified Information Systems Auditor (CISA)  In-Demand resource  GI Bill resource  ANSI resource
Credentialing Agency: ISACA

The Certified Information Security Auditor (CISA) is an advanced certification for individuals who work in the information systems audit, control and security industry. The CISA certification covers topics such as the information systems audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protection of Information Assets, and business continuity and disaster recovery. This certification is targeted toward experienced information security auditors and those who have information security management responsibilities. Candidates are required to have a minimum of five years of professional information systems audit, control, assurance or security work experience.

More information can be found on the certifying agency's website.

Renewal Period: 3 years

Certified Information Systems Auditor (CISA)

The following Army Occupations provide training and/or experience that contributes to attaining this credential:

Personnel Category Occupation Occupation Type Related As Promotion Points Skill Level Star Proponent Funded Gap Analysis
Enlisted 17C Cyber Operations Specialist MOS some  Promotion Points: This certification has been approved for promotion points. Click for more information.        
Enlisted 25B Information Technology Specialist MOS some  Promotion Points: This certification has been approved for promotion points. Click for more information.        
Enlisted 25D Cyber Network Defender MOS most   V      
Enlisted 35T Military Intelligence (MI) Systems Maintainer/Integrator MOS some  Promotion Points: This certification has been approved for promotion points. Click for more information.        
Enlisted E6 Interactive On-Net Operator ASI some          
Enlisted R3 Digital Network Exploitation Analyst (DNEA) ASI other          
Enlisted T5 Target Digital Network Analyst ASI some          
Warrant Officer 255A Information Services Technician WOMOS some        
Warrant Officer 255N Network Management Technician WOMOS some        
Warrant Officer 255S Information Protection Technician WOMOS most        
Warrant Officer 255Z Senior Network Operations Technician WOMOS some        

Army Table Legend


Related As

The military occupations shown in this table are related to this credential in one of four ways: Most, Some, or Other.

Most: This credential is directly related to most of the major duties associated with the military occupation (at least 80%). Note that the credential may require additional education, training or experience before you are eligible for it.

Some: This credential is related to some tasks associated with the duties of the military occupation (related 80% to at least one or more critical tasks but less than 80% of all of the entire military occupation). Note that the credential may require additional education, training or experience before you are eligible for it.

Other: This credential is related to this military occupation, but is more advanced or specialized and therefore will likely require additional education, training, or experience.

Promotion Points Promotion Points icon

This credential has been approved for promotion points for this MOS towards promotion to Sergeant and Staff Sergeant. Clicking the Promotion Points icon will open a link to the promotion points fact sheet.

Skill Level Designation

Skill Level I: This skill level consists of all Soldiers in the ranks of Private (pay grade E-1) up to Specialist (pay grade E-4). Time in Service (TIS) is generally between initial entry and four Years of Service (YOS). This skill level is Entry-level positions requiring performance of tasks under direct supervision.

Institutional training:

  • Structured Self-Development (SSD) level I
  • Basic Leader Course (BLC)

Skill Level II: This skill level is obtained when promoted to Sergeant (paygrade E-5). TIS is generally between 4-8 YOS. Positions requiring performance of more difficult tasks under general supervision; and in some instances, involving supervision of Soldiers in SL1.

Institutional training:

  • Structured Self-Development (SSD) level II
  • Advance Leader Course (ALC)

Skill Level III: This skill level is obtained when promoted to Staff Sergeant (paygrade E-6). TIS is generally between 8-12 YOS. Positions requiring performance of still more difficult tasks and involving first line supervision of Soldiers in SL1 & SL2.

Institutional training:

  • Senior Leader Course (SLC)
  • Structured Self-Development (SSD) level III

Skill level IV: This skill level is obtained when promoted to the rank of Sergeant First Class (paygrade E-7). TIS is generally between 12-18 YOS. Positions requiring relatively detailed knowledge of all tasks specified for a given MOS, normally involving first-line supervision of Soldiers in SLs 1, 2, and 3, and involving managerial duties.

Institutional training:

  • Master Leader Course (MLC)
  • Structured Self-Development (SSD) level IV
  • Senior Enlisted Joint Professional Military Education (SEJPME) I Course

Skill level V: This skill level is obtained when promoted to the rank of Master Sergeant (paygrade E-8). TIS is generally between 18-22 YOS. Positions requiring direct and indirect leadership roles with expertise in company and battalion-level operations and competency across a given CMF, serving as members of a staff at every level in the Army, with a full understanding of the allocation of resources and their utilization in order to accomplish Army functions and missions.

Institutional training:

  • United States Army Sergeants Major Academy (USASMA)
  • Structured Self-Development (SSD) level V

Skill level VI: This skill level is obtained when promoted to the rank of Sergeants Major (paygrade E-9). TIS is generally between 22-30 YOS. Positions requiring organizational leadership roles with multi-dimensional expertise in units and teams on division, corps, and Army staffs, integrated with Joint, Interagency, Intergovernmental, and Multinational (JIIM) partners with a full understanding of the Force Generation process, operations at all echelons, and how the Army runs.

Star Credential Star icon

Star credentials are MOS enhancing, as designated by the Proponent. MOS enhancing credentials are directly related to an MOS or ASI, are taught either partially or completely as part of a Program of Instruction (POI), and improve the MOS technical proficiency.

Proponent Funded Funded icon

This icon indicates credentials which Soldiers may have funded through their MOS proponent. Some proponents offer credentialing opportunities in conjunction with military training and/or as part of MOS development beyond the training base.

Gap Analysis Has Analysis icon

A detailed analysis comparing the credential requirements to the military occupation has been completed. Click on the gap analysis icon to view the analysis page.

Certified Information Systems Auditor (CISA)

Eligibility Requirements ()

Note: This credential may have multiple options for becoming eligible. Listed below are the minimum requirements based on the minimum degree required. To view other options, see the Eligibility tab.

  • Credential Prerequisite
  • Experience: 5 years
  • Education
  • Training
  • Membership
  • Other
  • Fee

Exam Requirements ()

  • Written Exam
  • Oral Exam
  • Practical Exam
  • Performance Assessment

Renewal Period: 3 years

  • Continuing Education
  • Exam
  • Continuing Education OR Exam
  • Fee
  • Other

ISACA
3701 Algonquin Road
Suite 1010
Rolling Meadows, IL  60008
Phone: 847-660-5505
Fax: (847) 253-1443
Contact Page

Certified Information Systems Auditor (CISA)

Submit an application with verified evidence of a minimum of five years of professional information systems auditing, control, or security work experience. Substitution and waivers of such experience, to a maximum of three years, may be obtained as follows:

  • A maximum of one year of information systems OR one year of non-IS audit experience can be substituted for one year of experience;
  • 60 to 120 completed university semester credit hours (the equivalent of a two-year or four-year degree), not limited by the 10-year preceding restriction, can be substituted for one or two years, respectively, of experience; 
  • A bachelor's or master's degree from a university that enforces the ISACA sponsored Model Curricula can be substituted for one year of experience. To view a list of these schools, please visit the ISACA website. This option cannot be used if three years of experience substitution and educational waiver have already been claimed:
  • A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
  • Two years as a full-time university instructor in a related field (e.g., computer science, accounting or information systems auditing) can be substituted for one year of experience.

All experience must be verified independently with employers and have been gained within the 10-year period preceding the application date or within five years after the date of passing the CISA exam. Applications for certification must also be submitted no more than five years after the date of passing the CISA exam.

The Certified Information Systems Auditor (CISA) credential has the following other requirements:

Certified Information Systems Auditor (CISA)

  • The Process of Auditing Information Systems (14%)
  • Governance & Management of IT (14%)
  • Information Systems Acquisition, Development & Implementation (19%)
  • Information Systems Operations, Maintenance & Support (23%)
  • Protection of Information Assets (30%)

There are a number of resources available to help you prepare for the Certified Information Systems Auditor (CISA) examination:

An additional resource is Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources page here on COOL to learn how to get free access.

Testing for this credential is handled by PSI. The test centers are located in the U.S.

To find out more, use the following links on the PSI website:

For more information on the ISACA testing process, visit the agency website.

Certified Information Systems Auditor (CISA)

Renewal Period: 3 years

The Certified Information Systems Auditor (CISA) credential has the following recertification information:

The CISA CPE policy requires the attainment of CPE hours over an annual and three-year certification period. CISAs must comply with the following requirements to retain certification:

  • Attain and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISA’s knowledge or ability to perform CISA-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
  • Submit annual CPE maintenance fees to ISACA international headquarters in full.
  • Attain and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting period.
  • Respond and submit required documentation of CPE activities if selected for the annual audit.
  • Comply with ISACA’s Code of Professional Ethics.
  • Abide by ISACA's IT auditing standards.