CISSP

ISC2 CISSP - Certified Information Systems Security Professional

The gold-standard senior cybersecurity certification

Issued by ISC2
Visit official certification page
8 Domains
10+ Skills
4 Prep Links
3 Practice Quizzes
Cost
USD $749 (Americas/APAC/MEA) / EUR 719.04 / GBP 606.69
Duration
3 hours (current English CAT exam)
Questions
100-150 (CAT, current outline effective April 15, 2024)
Pass
700 / 1000 (scaled)
Delivery
ISC2 Authorized PPC and PVTC Select Pearson VUE Testing Centers
Validity
3-year cycle

Quick Facts

Cost
USD $749 (Americas/APAC/MEA) / EUR 719.04 / GBP 606.69
Duration
3 hours (current English CAT exam)
Questions
100-150 (CAT, current outline effective April 15, 2024)
Passing score
700 / 1000 (scaled)
Languages
Chinese (windowed), English, German, Japanese, Spanish
Delivery
ISC2 Authorized PPC and PVTC Select Pearson VUE Testing Centers
Validity
3-year cycle
CPE / AMF
120 CPEs per 3-year cycle; AMF USD $135/year

Skills You'll Learn

Apply security governance, risk management, and the ISC2 Code of Professional Ethics across an enterprise. Classify, handle, and protect information assets across their lifecycle. Design secure systems using threat modeling, zero trust, defense in depth, and cryptographic best practices. Architect secure network communications using OSI/TCP-IP, secure protocols, and segmentation. Implement Identity and Access Management using MFA, federation, RBAC/ABAC, privileged access controls. Plan and run security assessments - vulnerability assessment, pen testing, code review, audits. Manage security operations including incident response, digital forensics, logging, monitoring, SIEM. Integrate security into the software development lifecycle including DevSecOps and supply chain risk. Lead business continuity and disaster recovery planning, testing, and execution. Earn the gold-standard senior cybersecurity credential - globally recognized, ANAB-accredited, DoD 8140-approved.

Exam Logistics

  • Question types: multiple choice and advanced item types via Computerized Adaptive Testing (CAT).
  • Reschedule fee: USD $50. Cancellation fee: USD $100.
  • Retake policy: 30/60/90 test-free days after 1st/2nd/3rd attempts; max 4 per 12 months.
  • Chinese exams only in select windows (March, June, September, December).
  • ANAB-accredited under ISO/IEC 17024. Approved under U.S. DoDM 8140.03.
  • After passing: complete Certification Application within 9 months, endorsed by an active ISC2-certified member.

Prerequisites & Recommended Experience

  • Minimum 5 years cumulative, full-time paid experience in 2+ of the 8 CISSP CBK domains.
  • 1-year waiver options: post-secondary degree in CS/IT/related OR approved additional credential.
  • Associate of ISC2 path: pass CISSP without experience, earn 5 years within 6 years.
  • Background qualifications - affirmatively answer ISC2 background questions.
  • Commit to the ISC2 Code of Ethics.

8 CBK Domains with Weights (effective April 15, 2024)

Domain 1: Security and Risk Management 16%
  • Professional ethics; CIA + authenticity + nonrepudiation.
  • Security governance; legal/regulatory/compliance (GDPR, CCPA, PIPL).
  • Investigation types; security policy/standards/procedures.
  • BC requirements and BIA; personnel security.
  • Risk management; threat modeling; SCRM.
  • Security awareness, education, training.
Domain 2: Asset Security 10%
  • Information/asset classification and handling.
  • Data lifecycle and roles; asset retention.
  • Data security controls (DRM, DLP, CASB).
Domain 3: Security Architecture and Engineering 13%
  • Secure design (threat modeling, defense in depth, zero trust, SASE).
  • Security models (Biba, Bell-LaPadula).
  • System security capabilities (memory protection, TPM, encryption).
  • Vulnerability assessment across cloud/IoT/serverless/embedded/HPC/edge.
  • Cryptographic solutions, lifecycle, PKI, quantum.
  • Cryptanalytic attacks; site/facility design.
Domain 4: Communication and Network Security 13%
  • OSI/TCP-IP; IPv4/IPv6; secure protocols.
  • Segmentation; SDN/SD-WAN/NFV/VPC.
  • Secure network components; NAC; endpoint security.
  • Secure communication channels (voice, video, remote access).
Domain 5: Identity and Access Management (IAM) 13%
  • Physical and logical access control.
  • Identification and authentication (MFA, passwordless, FIM, SSO).
  • Federated identity; authorization (RBAC, ABAC, MAC, DAC).
  • Provisioning lifecycle; access reviews; privileged accounts.
Domain 6: Security Assessment and Testing 12%
  • Assessment/test strategies.
  • Security control testing (vuln assessment, pen testing red/blue/purple, code review).
  • Process data collection; results analysis and reporting.
Domain 7: Security Operations 13%
  • Investigations and digital forensics.
  • Logging/monitoring (IDPS, SIEM, UEBA, threat intel).
  • Configuration management; resource protection.
  • Incident management; preventive measures.
  • Patch/vulnerability/change management; recovery and DR.
Domain 8: Software Development Security 10%
  • Security in SDLC (Agile, Waterfall, DevSecOps, SAMM).
  • Controls in development ecosystems (CI/CD, SAST/DAST/SCA/IAST).
  • Acquired software risk; secure coding guidelines and API security.

Official Prep Resources

Official ISC2 CISSP Online Self-Paced Training Official ISC2 CISSP Online Instructor-Led Training CISSP Self-Study Resources Exam Outline (PDF, April 2024)

Test what you've learned

Take a free GoLearnQuiz practice test. Sign in to save your score.

Beginner Warm-up and concepts Start Intermediate Real exam style Start Advanced Tough scenarios Start

Additional Helpful Details

  • Suspension: 90-day grace period; up to 2 years before termination.
  • ISC2 issues digital badges via Credly to certified members post-endorsement.

Official Sources

Back to all blueprints