Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Published by CP4 on August 11, 2021
(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process called the Job Task Analysis (JTA) that (ISC)² conducts to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.
The content of the CISSP has been refreshed to reflect the most pertinent issues that cybersecurity professionals currently face, along with the best practices for mitigating those issues. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s cybersecurity program within an ever-changing security landscape.
Security and Risk Management: 15%
Asset Security: 10%
Security Architecture and Engineering: 13%
Communication and Network Security: 13% (Down from 14%)
Identity and Access Management (IAM): 13%
Security Assessment and Testing: 12%
Security Operations: 13%
Software Development Security: 11% (Up from 10%)
Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.
The changes will begin on May 1, 2021.
No. For the CISSP, a candidate is required to have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the CISSP CBK.
An update to the Official (ISC)² CISSP Training Course (classroom-based and online-instructor led) will be available in May 2021.
Back to All Posts