ISAUnited CPL Overview

ISAUnited CAL and CPL Overview

Two licensure pathways under one professional framework. CAL supports career launch readiness, while CPL supports accountable professional practice in cybersecurity architecture, engineering, and Security by Design.

Issued by: ISAUnited Office of Licensure Administration. Authority of: ISAUnited Licensure Council

The Three Elements of ISAUnited Licensure Credibility

Licensure is built on standards, qualifications, and accountability. CAL uses this framework to validate the career-launch readiness of emerging cybersecurity practitioners. CPL uses this framework to validate professional practice for cybersecurity architects, engineers, and Security by Design professionals.

Standards

Defensible 10 Standards define what good cybersecurity architecture and engineering outcomes should look like. They give CAL candidates and CPL professionals a common technical foundation for secure systems, measurable expectations, and defensible practice.

Qualifications

Qualifications show that a candidate has met the expectations for the license level. CAL validates foundational knowledge, applied cyber defense readiness, and practical learning outcomes. CPL validates professional judgment, responsible practice, and the ability to apply standards in higher-impact decisions.

Accountability

Accountability means cybersecurity decisions are understood, documented, and reviewable. CAL introduces candidates to professional responsibility and defensible practice. CPL extends that responsibility into accountable architecture, engineering, Security by Design, and professional attestation.

A License for Accountable Practice

Defined practitioners

Not every cybersecurity role performs architecture and engineering practice. ISAUnited issues the Certified Professional License only to cybersecurity architects, engineers, and security by design implementers who meet the Institute's eligibility requirements and are prepared to serve as accountable design authority. This posture addresses widespread title inflation and inconsistent role expectations that can leave organizations exposed to avoidable risk. Organizations must not self-appoint practitioners to architect or engineer titles without independent evaluation and clear authority. When systems fail, the impact is not only financial. It can affect safety, privacy, and essential services.

CPL includes cybersecurity architects, engineers, and security by design implementers who work under domain-specific titles such as cloud security architect, identity and access security architect, or network security engineer. Specialty titles are descriptive. CPL recognizes the underlying professional practice.

Note: ISAUnited does not credential every cybersecurity job function. CPL focuses on accountable design authority and engineering judgment and is not positioned as a mass-market credential.

Governance Posture

An Institute-governed licensure framework

ISAUnited administers CAL and CPL through a professional licensure governance framework led by the ISAUnited Licensure Council and supported by the ISAUnited Office of Licensure Administration. This framework includes the ISAUnited Model Practice Act, Model Rules, and Institute policy to support consistent administration, credential verification, organizational adoption, and, where applicable, jurisdictional alignment for professional practice licensing.

Responsible Charge and Professional Attestation

CPL practice authority and professional accountability

CPL holders are expected to practice under responsible charge and apply professional attestation only to work products they direct, control, review, and can defend within their demonstrated competence. This posture reinforces accountability, defensibility, and executive confidence in cybersecurity architecture, engineering, and Security by Design decisions.

International Posture

International institute and neutral program governance

ISAUnited is an international institute. CAL and CPL are administered through neutral regional identifiers to support global consistency, credential records, and program clarity across major regions:

North America (NAM)
Latin America and the Caribbean (LATAM)
Europe, the Middle East, and Africa (EMEA)
Asia Pacific (APAC)

Regional identifiers support program administration and clarity. They do not replace local law, employer requirements, or jurisdiction-specific obligations where those apply.

United States Jurisdiction

For the CAL and CPL, ISAUnited maintains United States jurisdiction profiles to support adoption planning and governance mapping. These profiles summarize core cybersecurity law categories by state and show how the Defensible 10 Standards can map to those categories through evidence-based practice.

View U.S. Jurisdiction

How to Verify Status

Verify CAL and CPL status

Organizations can verify both licensure status through the ISAUnited registry, including active status and validity period. This supports governance workflows, procurement due diligence, and third-party assurance.

Verify a license

FAQ

What is the Certified Associate License (CAL)?

The Certified Associate License (CAL) is ISAUnited’s career launch license for workforce entry candidates, college students, and early career cybersecurity practitioners. CAL validates foundational cyber defense knowledge, applied readiness, and practical learning outcomes for candidates preparing to begin cybersecurity work.

What is the Certified Professional License (CPL)?

The Certified Professional License (CPL) is ISAUnited’s professional license for cybersecurity architects, cybersecurity engineers, and Security by Design professionals. CPL signals competence, accountable practice, and professional responsibility for design, engineering, and pre-implementation decisions that affect security, resilience, privacy, and public trust.

How is CAL different from CPL?

CAL supports career launch readiness for emerging cybersecurity practitioners. CPL supports accountable professional practice for qualified practitioners who perform cybersecurity architecture, engineering, and Security by Design work. CAL introduces professional readiness. CPL recognizes professional responsibility.

Is CAL only for the Cyber Defense Technician pathway?
CAL is strongly aligned to the Cyber Defense Technician pathway because that program prepares candidates for practical cyber defense work. CAL may also support college students, workforce-entry candidates, and early-career learners who meet ISAUnited’s applicable requirements.

Do domain-specific titles qualify?

Yes. Titles such as cloud security architect, identity and access security architect, or network security engineer are considered specialty practice titles. Eligibility is based on the scope of professional practice, not the job title.

Are CAL and CPL government-issued licenses?
No. They are professional licenses issued by a cybersecurity standards institute. Both are designed to support governance, assurance, and organizational adoption globally.

Does ISAUnited licensure apply internationally?
Yes. ISAUnited administers CAL and CPL globally using neutral regional identifiers for program clarity: North America (NAM), Latin America and the Caribbean (LATAM), Europe, the Middle East, and Africa (EMEA), and Asia Pacific (APAC).

How long are the CAL and CPL valid?

The license term is three years. Renewal requires 60 Continuing Professional Education (CPEs) credits.

How is CPL different from a certification?

CPL is different from a certification because it evaluates professional practice, not just topic familiarity. CPL is not designed as a memorization-based credential or a general knowledge certificate. It evaluates whether a qualified practitioner can apply demonstrated Skills, Knowledge, and Abilities (SKAs) to cybersecurity architecture, engineering, and Security by Design decisions that affect security, resilience, privacy, and public trust.

CPL is issued under ISAUnited governance with eligibility requirements, evaluation expectations, renewal requirements, registry verification, and professional accountability. Its purpose is to validate readiness for defensible practice, not simply to confirm that a candidate studied a test book or passed a conventional exam.

Can anyone obtain a CPL?
No. CPL is issued only to qualified practitioners who meet the Institute's eligibility requirements. The intent is to uphold professional and technical standards for cybersecurity architecture and engineering practice and to reduce role ambiguity created by inconsistent job titles.

How can an organization verify a CAL or CPL status?

Licensure status is verifiable through the ISAUnited registry, including whether a license is active and in good standing.

Why Join ISAUnited?

Become a Member Today

Membership Types

Get Involved

Technical Fellow Society

Our Society is a prestigious body of seasoned experts whose leadership and counsel guide the advancement, integrity, and operations of our cybersecurity architecture and engineering mission.

ISAUnited Licensing & Credentials

Overview

CAL for Career Launch

CPL for Professionals

CPL for Corporate Teams

The School of Engineering Cyber Defense

Learning Starts Here

Professional Programs

Student Resources

Career Launch Program

Join Knights Nation

Online school for cyber architecture & engineering—build a portfolio and follow a clear path to CPL.

ISAUnited's Cyber War Center Simulator

Cyber War Center

Simulations

Platform & Modules

ISAUnited's Defensible 10 Standards

Security Standards

Access Standards

About Standards

ISAUnited's Red Team Intelligence

Red and Blue Practice

Intrusion 8

Red Team | Blue Team

Welcome to the Technical Research Center (TRC)

About the TRC

Annual Reports

Technical Institute

ISAUnited's Core Divisions

Cybersecurity Architecture

Cybersecurity Engineering

Cyber Sciences

Security by Design

Cybersecurity Law and Digital Justice is ISAUnited’s consequence discipline: defensible evidence practice, escalation rigor, and justice aware coordination that protects outcomes when incidents become consequential.

Our Story & Mission

Play

Who We Are

Enterprise Security Architecture Body of Knowledge. The ESABOK from ISAUnited empowers architects and engineers to navigate architecture conformity and standardized processes for secure design confidently.

The ISAUnited Manifesto