Information technology (IT) security certifications have proliferated in recent years. However they differ in regards to stakeholder considerations of credibility, accessibility and relevance. Key stakeholders with an interest in selecting an IT security certification (IT security professionals, employers, governments and higher education institutes) lack a systematic approach for differentiating between candidate certifications and selecting the “best” certification to satisfy requirements. The paper focuses on reporting a confirmatory focus group from a recent research project. It provides a framework for supporting stakeholder evaluation and selection of IT security certifications and discusses key implications for the IT security industry, IT security certifications, and the higher education sector.