The Certified Information Systems Security Professional (CISSP) certification exam is a comprehensive exam that tests an individual’s knowledge in the areas of information security, risk management, security architecture, and security operations. The exam is administered by (ISC)2, an international, non-profit organization that provides certification and education programs for information security professionals. The exam consists of 250 multiple-choice questions and takes approximately six hours to complete. To qualify for the exam, candidates must have at least five years of cumulative paid work experience in two or more of the eight domains of the Common Body of Knowledge (CBK). Candidates must also pass the exam with a score of 700 or higher.

Certified Information Systems Security Professional

Information security certification

CISSP logo

CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².

As of January, 2022 there are 152,632 (ISC)² members holding the CISSP certification worldwide.

In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement.

In May 2020, The UK National Academic Recognition Information Centre assessed the CISSP qualification as a Level 7 award, the same level as a Masters degree. The change will enable cyber security professionals to use the CISSP certification towards higher education course credit and also open up new opportunities for roles that require or recognize master’s degrees.


In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or “(ISC)²” formed in mid-1989 as a non-profit organization.

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.

In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency‘s ISSEP program.

Certification subject matter

The CISSP curriculum breaks the subject matter down into a variety of Information Security topics referred to as domains. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², “the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding.”

From 1st May 2021 there will be a domain refresh that will impact the weighting of the domains, the domains themselves will not change.

From 15 April 2018, the eight domains covered are :

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was “Security Engineering,” which in the 2018 revision was expanded to “Security Architecture and Engineering.”

Before 2015, it covered ten domains:

  1. Operations security
  2. Telecommunications and network security
  3. Information security governance and risk management
  4. Software development security
  5. Cryptography
  6. Security architecture and design
  7. Access control
  8. Business continuity and disaster recovery planning
  9. Legal, regulations, investigations and compliance
  10. Physical (environmental) security


  • Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master’s degree in Information Security, or for possessing one of a number of other certifications. A candidate without the five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination, valid for a maximum of six years. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.
  • Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
  • Answer questions regarding criminal history and related background.
  • Pass the multiple choice CISSP exam (four hours, up to 175 questions, in an adaptive exam) with a scaled score of 700 points or greater out of 1000 possible points, you must achieve a pass in all eight domains.
  • Have their qualifications endorsed by another (ISC)² certification holder in good standing.

Member counts

Number of CISSP members as of January 1st, 2022 is 152,632.

Top 15 countries by CISSP Member Counts as at January 2022
Country (Top 15) Count
United States 94,320
United Kingdom 8,226
Canada 6,632
China 3,866
Japan 3,339
Australia 3,169
India 3,156
Netherlands 2,908
Singapore 2,804
Germany 2,727
Korea 2,122
Hong Kong 1,960
France 1,210
Switzerland 1,087
Spain 819


Holders of CISSP certifications can earn additional certifications in areas of speciality. There are three possibilities:

  • Information Systems Security Architecture Professional (CISSP-ISSAP), an advanced information security certification issued by (ISC)² that focuses on the architecture aspects of information security. The certification exam consists of 125 questions covering six domain areas:
  1. Identity and Access Management Architecture
  2. Security Operations Architecture
  3. Infrastructure Security
  4. Architect for Governance, Compliance, and Risk Management
  5. Security Architecture Modeling
  6. Architect for Application Security

As of 1st July 2021, there were 2,158 (ISC)² members holding the CISSP-ISSAP certification worldwide.

  1. Security Engineering Principles
  2. Risk Management
  3. Security Planning, Design, and Implementation
  4. Secure Operations, Maintenance, and Disposal
  5. Secure Engineering Technical Management

As of 1st July 2021, there were 1,272 (ISC)² members holding the CISSP-ISSEP certification worldwide.

  1. Leadership and Business Management
  2. Systems Lifecycle Management
  3. Risk Management
  4. Threat Intelligence and Incident Management
  5. Contingency Management
  6. Law, Ethics, and Security Compliance Management

As of 1st July 2021, there were 1,324 (ISC)² members holding the CISSP-ISSMP certification worldwide.

Fees and ongoing certification

The standard exam costs $749 US as of 2021. On completion of the exam, to gain certification you need to complete an endorsement process to evidence at least five years experience within a mix of the domains. A dispensation can be claimed for one year with the relevant academic qualification. The final step is payment of the annual maintenance fee of $125 (as of 2020).

The CISSP credential is valid for three years; holders renew either by submitting 40 Continuing Professional Education (CPE) credits per year over three years or re-taking the exam.

CPE credits are gained by completing relevant professional education.


In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT.

In 2008, another study came to the conclusion that IT professionals with CISSP (or other major security certifications) and at least 5 years of experience tend to have salaries around US, about US (or 26%) higher than IT professionals with similar experience levels who do not have such certificates. Note that any actual cause-and-effect relationship between the certificate and salaries remains unproven.[citation needed]

As of 2017, a study by surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees found that these job openings offered an average salary of more than the average cyber security salary.

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.

See also

  • CISM (Certified Information Security Manager)


External links

Source: Certified Information Systems Security Professional

Video about Certified Information Systems Security Professional Cissp Certification Exam

CISSP Certification Course – PASS the Certified Information Security Professional Exam!

Question about Certified Information Systems Security Professional Cissp Certification Exam

If you have any questions about Certified Information Systems Security Professional Cissp Certification Exam, please let us know, all your questions or suggestions will help us improve in the following articles!

The article Certified Information Systems Security Professional Cissp Certification Exam was compiled by me and my team from many sources. If you find the article Certified Information Systems Security Professional Cissp Certification Exam helpful to you, please support the team Like or Share!

Rate Articles Certified Information Systems Security Professional

Rate: 4-5 stars
Ratings: 3436
Views: 16722133

Search keywords Certified Information Systems Security Professional Cissp Certification Exam

1. Information Security
2. Cyber Security
4. Network Security
5. Security Architecture
6. Security Management
7. Risk Management
8. Cryptography
9. Incident Response
10. Access Control
#Certified #Information #Systems #Security #Professional