Site Logo

Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

CISSP Domain Refresh FAQ

Published by CP4 on August 11, 2021

Why are changes being made to the CISSP exam?

(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process called the Job Task Analysis (JTA) that (ISC)² conducts to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

How is the CISSP exam changing?

The content of the CISSP has been refreshed to reflect the most pertinent issues that cybersecurity professionals currently face, along with the best practices for mitigating those issues. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s cybersecurity program within an ever-changing security landscape.

Domain Updates for May 2021 Exam

Security and Risk Management: 15%

Asset Security: 10%

Security Architecture and Engineering: 13%

Communication and Network Security: 13% (Down from 14%)

Identity and Access Management (IAM): 13%

Security Assessment and Testing: 12%

Security Operations: 13%

Software Development Security: 11%    (Up from 10%)

Why do domains for (ISC)² credential exams change?

Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

When will these changes go into effect?

The changes will begin on May 1, 2021.

Do these updates affect the experience requirement for the CISSP?

No. For the CISSP, a candidate is required to have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the CISSP CBK.

What impact do these changes have on (ISC)² training materials?

An update to the Official (ISC)² CISSP Training Course (classroom-based and online-instructor led) will be available in May 2021.

Back to All Posts

Featured Insights

View All

Is CompTIA Security+ Worth It In 2024?

CCNA Security, CCNP Security, CEH, ISA, CISSP, Amazon AWS Certified Security, and ISACA CRISC are among the myriad of cybersecurity...

Setting The Record Straight on Five Cloud Security Myths

When it comes to cybersecurity in today’s digital landscape, the cloud is one of the most misunderstood elements. Otherwise intelligent...

The DoD’s Cybersecurity Maturity Model Certification—As Explained by the Classic Movie Independence Day

The DoD’s Cybersecurity Maturity Model Certification—As Explained by the Classic Movie Independence Day In a highly technical world where we...