[5][6] In the mid-1980s, a need arose for a standardized and vendor-neutral certification program that provided structure and demonstrated competence in the field of IT security, and several professional societies recognized that certification programs attesting to the qualifications of information security personnel were desperately needed.

In June 1988, a conference was hosted by the National Institutes of Standards and Technology (NIST) and the Federal Information Systems Security Educators Association (FISSEA) at Idaho State University in Pocatello, Idaho to address the need for standardized curriculum for the burgeoning profession.

Organizations in attendance included: During the conference, the question was raised why virtually every group represented, save NIST and ISU, was creating a professional certification.

The conference participants agreed to form a consortium that would attempt to bring together the competing agendas of the various organizations.

Violations of the code of ethics are each investigated by a peer review panel, within the potential of revoking the certification.