In the US, there was a relatively recent regulation of IT security in the form of Department of Defense Directive 8570. This directive requires IT security folks who work on DoD contracts to have a certification from one of the major certification authorities (think CISSP). Personally I'm not a fan of required certification for a number of reasons, but at least the DoD is trying to improve the quality of contractors working in IT security.

It's cute that they think they are trying, but CISSP really is a joke.

It would only work if it was regulated by people who understood IT security.