Site Logo

Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Why are changes being made to the CISSP exam?

(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process called the Job Task Analysis (JTA) that (ISC)² conducts to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

How is the CISSP exam changing?

The content of the CISSP has been refreshed to reflect the most pertinent issues that cybersecurity professionals currently face, along with the best practices for mitigating those issues. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s cybersecurity program within an ever-changing security landscape.

Domain Updates for May 2021 Exam

Security and Risk Management: 15%

Asset Security: 10%

Security Architecture and Engineering: 13%

Communication and Network Security: 13% (Down from 14%)

Identity and Access Management (IAM): 13%

Security Assessment and Testing: 12%

Security Operations: 13%

Software Development Security: 11%    (Up from 10%)

Why do domains for (ISC)² credential exams change?

Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

When will these changes go into effect?

The changes will begin on May 1, 2021.

Do these updates affect the experience requirement for the CISSP?

No. For the CISSP, a candidate is required to have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the CISSP CBK.

What impact do these changes have on (ISC)² training materials?

An update to the Official (ISC)² CISSP Training Course (classroom-based and online-instructor led) will be available in May 2021.

Back to All Posts