(ISC)2 Overview


IN A WORLD WORTH PROTECTING

SQUARED IS THERE
We all enjoy the access and convenience our
connected world brings. Technology has dissolved
our economic borders, enhanced our personal
productivity, improved the quality of our lives and
connected old friends and new. But these benefits
also have risks. We often wake up to news of another
cyber attack on our data, institutions and families.
And while no one can prevent every threat, the
certified experts from (ISC)2 are out there – in every
industry – working to safeguard our data and inspire a
safe and secure cyber world.

As the world’s largest nonprofit membership
association of certified cybersecurity professionals,
(ISC)2 is here to prepare our members for this vital
and highly rewarding profession. After all, behind the
data lies the livelihood and happiness of our family,
friends and community.

The (ISC)2 membership base is more than 150,000
strong and united in our mission to protect what’s
precious. It’s a community of professionals who
support and learn from each other. A community
with access to unparalleled resources and endless
opportunities to refine a craft that is constantly
changing. As an (ISC)2 member, you’ll find extensive
advantages and benefits that grow as you do.

2 (ISC)2 | Inspiring a Safe and Secure Cyber World


ADVANTAGES OF (ISC)2 MEMBERSHIP
• Global recognition. Proves you have what it takes to protect organizations, wherever they’re based.
• Support from a global community. Gives you access to like-minded cybersecurity leaders who share your mission and passion.
• Vendor-neutral versatility. Proves your skills can be applied to different technologies and methodologies.
• Increased visibility and credibility. Improves job security and opens new doors for advancement and impact.
• Sharpened development. Brings free online training courses for continued professional enrichment and CPE credits.
• Solid foundation. Prepares you to better stem cyber attacks and inspire a safe and secure cyber world.
• Professional differentiation. Helps you stand out to employers, clients and prospects.
• Expanded knowledge base. Ensures deeper, better and broader understanding of the common body of knowledge for cybersecurity.
• Stronger skill set. Expands the skills and knowledge needed to fulfill organizational duties.

For more information, visit isc2.org


PATHWAY TO (ISC)2 CERTIFICATION

1 CHOOSE
Pursue the credential that aligns with your professional aspirations.
• Leadership and Operations
• Security Administration
• Cloud Security
• Authorization
• Software Security
• Healthcare Security and Privacy

2 PREPARE
(ISC)2 exams are known to be rigorous. The Official (ISC)2 Training route is an excellent way to prep for success!

Official Training
From self-paced to instructor-led, choose the training format that fits your schedule and learning style.
• Online Self-Paced: Available for CISSP, SSCP, CCSP and CISSP concentrations
• Classroom-Based: Available for all certifications except CISSP concentrations
• Online Instructor-Led: Available for all certifications except CISSP concentrations
• Private On-Site: Available for all certifications except CISSP concentrations

Official Study Tools
Round out your knowledge and gauge exam readiness using a variety of industry-leading resources.
• Common Body of Knowledge (CBK) Textbooks
• Study Guides
• Practice Test Books
• Interactive Flash Cards
• Study Apps



3 PASS
Get ready to join an elite group of professionals committed to inspiring a safe and secure cyber world!

All (ISC)2 exams are administered at Pearson VUE Testing Centers, the leading provider of global, computer-based testing for certification and licensure exams. Once you pass with a minimum score of 700 out of 1,000, you’ll have 9 months from the exam date to complete the online endorsement process.

You’ll also need to abide by the (ISC)² Code of Ethics, designed to protect society, the common good, public trust and the profession.

Register for your exam at: pearsonvue.com/isc2

4 MASTER
(ISC)2 members never stop learning and growing. Maintaining certification means you must recertify every 3 years by earning continuing professional education (CPE) credits and paying an annual maintenance fee (AMF) to support ongoing development. We take you beyond certification with valuable learning opportunities throughout your career.

Professional Development Institute (PDI)
The (ISC)² Professional Development Institute offers relevant, high-impact courses that keep skills sharp and count for CPEs. Offered as a free member benefit, the PDI is a go-to resource for cybersecurity professionals who want and need to protect critical assets in their organizations.

Explore the expanding PDI portfolio at: isc2.org/development



Official (ISC)2 Training
SET YOURSELF UP FOR SUCCESS
Whichever elite (ISC)² certification you pursue, the right preparation will make the difference on your path to success. We partner
with leading training providers around the world so you have convenient access to Official Training developed by (ISC)²,
the creator and keeper of the Common Body of Knowledge (CBK®).

THE OFFICIAL TRAINING ADVANTAGE


When you choose Official (ISC)² Training, you get*…

• Top-notch instruction from authorized instructors who are (ISC)2-certified, average 15–20 years of industry experience and
complete a rigorous process to teach our CBK.

• Comprehensive exam prep covering all current topic areas with a focus on real-world learning activities and scenarios.

• The most up-to-date content for deep awareness and understanding of new threats, technologies,
regulations and best practices.

• Official study tools like the Official (ISC)² Student Guide and interactive flash cards to reinforce knowledge
heading into exam day.

• Reliable knowledge checks through quizzes and post-course assessments to help you easily identify any
knowledge gaps and gauge exam readiness.

Explore your options at isc2.org/training

Always look for our official training partner logos to confirm a provider’s status:

INTERNATIONAL ACADEMIC PROGRAM


*Training features vary by certification.



Associate of (ISC)2
When it comes to protecting critical assets, there’s no substitute for hands-on
experience. That’s why professional experience is required for all (ISC)² certifications.
But what if you don’t yet have it? You still can take any of our certification exams!

When you pass, you become an Associate of (ISC)² as you work to gain the experience
needed to achieve full certification. Throughout your journey, you’ll receive exclusive
(ISC)² resources to help you learn, grow and thrive.

15 CPEs each year | U.S. $50 AMF

Certification | Years of Experience Needed | Years to Obtain Required Experience
CISSP | 5 | 6
SSCP | 1 | 2
CCSP | 5 | 6
CAP | 2 | 3
CSSLP | 4 | 5
HCISPP | 2 | 3

For more information, visit isc2.org/associate


Leadership and Operations

CISSP recognizes your knowledge and ability to effectively design, engineer, implement and manage an organization’s overall security posture.

Typical job titles include:
• Chief Information Officer
• Chief Information Security Officer
• Director of Security
• IT Director/Manager
• Network Architect
• Security Analyst
• Security Architect
• Security Auditor
• Security Consultant
• Security Manager
• Security Systems Engineer

REQUIREMENT
To qualify for the CISSP, candidates must have at least five years of cumulative, paid, full-time work experience in two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK).

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: SECURITY AND RISK MANAGEMENT; SOFTWARE DEVELOPMENT SECURITY; ASSET SECURITY; SECURITY OPERATIONS; SECURITY ARCHITECTURE AND ENGINEERING; SECURITY ASSESSMENT AND TESTING; COMMUNICATION AND NETWORK SECURITY; IDENTITY AND ACCESS MANAGEMENT (IAM). Weight labels: 15%, 11%, 10%, 13%, 13%, 12%, 13%, 13%.]

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led | Online Self-Paced



100-150 EXAM ITEMS ON THE ENGLISH CISSP CAT (COMPUTER ADAPTIVE TESTING) EXAM
The non-English linear, fixed-form CISSP exam has 250 items

3 HOUR TIME LIMIT FOR CISSP CAT EXAM
The non-English linear, fixed-form CISSP exam allows 6 hours to complete

700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
120 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/cissp


Security Administration

SSCP recognizes hands-on technical abilities and practical experience. It proves you have the skills to implement, monitor and administer IT infrastructure using IT security policies and procedures — ensuring the confidentiality, integrity and availability of data.

Typical job titles include:
• Database Administrator
• Network Security Engineer
• Security Administrator
• Security Analyst
• Security Consultant/Specialist
• Systems Administrator
• Systems Engineer
• Systems/Network Analyst

REQUIREMENT
To qualify for the SSCP, candidates must have at least one year of cumulative, paid, full-time work experience in one or more of the seven domains of the (ISC)2 SSCP Common Body of Knowledge (CBK).

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: SYSTEMS AND APPLICATION SECURITY; ACCESS CONTROLS; NETWORK AND COMMUNICATIONS SECURITY; SECURITY OPERATIONS AND ADMINISTRATION; CRYPTOGRAPHY; RISK IDENTIFICATION, MONITORING, AND ANALYSIS; INCIDENT RESPONSE AND RECOVERY. Weight labels: 15%, 16%, 16%, 15%, 10%, 15%, 13%.]

Effective November 1, 2021, the SSCP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the SSCP Exam Outline and our FAQs for details.

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led | Online Self-Paced



125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
60 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/sscp


Cloud Security

CCSP recognizes IT and cybersecurity leaders who have the knowledge and competency to apply best practices to cloud security architecture, design, operations and service orchestration. It designates leaders on the forefront of cloud security.

Typical job titles include:
• Enterprise Architect
• Security Administrator
• Security Architect
• Security Consultant
• Security Engineer
• Security Manager
• Systems Architect
• Systems Engineer

REQUIREMENT
To qualify for the CCSP, candidates must have at least five years of cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the (ISC)2 CCSP Common Body of Knowledge (CBK).

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: LEGAL, RISK & COMPLIANCE; CLOUD CONCEPTS, ARCHITECTURE & DESIGN; CLOUD SECURITY OPERATIONS; CLOUD DATA SECURITY; CLOUD APPLICATION SECURITY; CLOUD PLATFORM & INFRASTRUCTURE SECURITY. Weight labels: 13%, 17%, 17%, 19%, 17%, 17%.]

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led | Online Self-Paced



125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
90 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/ccsp


Authorization

CAP recognizes your knowledge, skills and abilities to authorize and maintain information systems within the NIST Risk Management Framework (RMF).

Jobs that typically use or require CAP:
• The U.S. federal government, such as the U.S. Department of State and Department of Defense
• The military
• Civilian roles, such as federal contractors
• Local governments
• Private sector organizations

REQUIREMENT
To qualify for the CAP, candidates must have at least two years of cumulative, paid, full-time work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK).

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: CONTINUOUS MONITORING; INFORMATION SECURITY RISK MANAGEMENT PROGRAM; AUTHORIZATION OF INFORMATION SYSTEMS (IS); CATEGORIZATION OF INFORMATION SYSTEMS (IS); ASSESSMENT OF SECURITY CONTROLS; SELECTION OF SECURITY CONTROLS; IMPLEMENTATION OF SECURITY CONTROLS. Weight labels: 16%, 16%, 10%, 11%, 16%, 15%, 16%.]

Effective August 15, 2021, the CAP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the CAP Exam Outline and our FAQs for details.

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led



125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
60 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/cap


Software Security

CSSLP recognizes your knowledge and ability to incorporate security practices – authentication, authorization and auditing – into each phase of the Software Development Lifecycle (SDLC), from software design and implementation to testing and deployment.

Typical job titles include:
• Application Security Specialist
• IT Director/Manager
• Penetration Tester
• Project Manager
• Quality Assurance Tester
• Security Manager
• Software Architect
• Software Developer
• Software Engineer
• Software Procurement Analyst
• Software Program Manager

REQUIREMENT
To qualify for the CSSLP, candidates must have at least four years of cumulative, paid, full-time work experience as a software development lifecycle professional in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge (CBK).

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: SECURE SOFTWARE CONCEPTS; SECURE SOFTWARE REQUIREMENTS; SECURE SOFTWARE SUPPLY CHAIN; SECURE SOFTWARE ARCHITECTURE AND DESIGN; SECURE SOFTWARE DEPLOYMENT, OPERATIONS, MAINTENANCE; SECURE SOFTWARE IMPLEMENTATION; SECURE SOFTWARE SOFTWARE MANAGEMENT; SECURE SOFTWARE TESTING. Weight labels: 10%, 14%, 11%, 14%, 12%, 14%, 11%, 14%.]

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led



125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
90 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/csslp


Healthcare Security and Privacy

HCISPP recognizes your knowledge and ability to successfully implement, manage and assess security and privacy controls for healthcare and patient information.

Typical job titles include:
• Compliance Auditor
• Compliance Officer
• Health Information Manager
• Information Security Manager
• Information Technology Manager
• Medical Records Supervisor
• Practice Manager
• Privacy and Security Consultant
• Privacy Officer
• Risk Analyst

REQUIREMENT
To qualify for the HCISPP, candidates must have at least two years of cumulative, paid, full-time work experience in one or more knowledge areas of the HCISPP Common Body of Knowledge (CBK) that includes security, compliance and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. Of the two years of experience, one of those years must be in the healthcare industry.

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: HEALTHCARE INDUSTRY; THIRD-PARTY RISK MANAGEMENT; INFORMATION TECHNOLOGIES IN HEALTHCARE; RISK MANAGEMENT AND RISK ASSESSMENT; INFORMATION GOVERNANCE IN HEALTHCARE; PRIVACY AND SECURITY IN HEALTHCARE; REGULATORY AND STANDARDS ENVIRONMENT. Weight labels: 12%, 15%, 8%, 20%, 5%, 25%, 15%.]

TRAINING METHODS
Private On-Site | Classroom-Based | Online Instructor-Led



125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

MAINTAIN YOUR CERTIFICATION
60 CPEs over 3 years | U.S. $125 AMF
Members with multiple (ISC)² certifications only pay a single AMF.

For more information, visit isc2.org/hcispp


CISSP Concentrations:
CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP

CISSP concentrations build on the CISSP credential,
proving mastery in specialized areas: Architecture,
Engineering and Management. To qualify for a
CISSP concentration, you must be a CISSP in good
standing and have two years of cumulative, paid,
full-time work experience in one or more of the
domains of the respective concentration.

MAINTAIN YOUR CERTIFICATION

20 CPEs over 3 years | U.S. $125 AMF


Members with multiple (ISC)² certifications only pay a single AMF.



Information Architecture

CISSP-ISSAP recognizes your knowledge and ability to understand information security architectural concepts and industry best practices in the design, deployment and maintenance of an information security program.

Typical job titles include:
• Security Analyst
• Security Architect
• System Architect
• System and Network Designer

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: ARCHITECT FOR GOVERNANCE, COMPLIANCE AND RISK MANAGEMENT; ARCHITECT FOR APPLICATION SECURITY; IDENTITY AND ACCESS MANAGEMENT (IAM) ARCHITECTURE; SECURITY OPERATIONS ARCHITECTURE; INFRASTRUCTURE SECURITY ARCHITECTURE; SECURITY ARCHITECTURE MODELING. Weight labels: 17%, 13%, 16%, 18%, 15%, 21%.]

125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

TRAINING METHOD | Online Self-Paced

For more information, visit isc2.org/concentrations


Information Engineering

CISSP-ISSEP recognizes your knowledge and ability to understand information system security engineering concepts and industry best practices in the secure design, deployment and maintenance of an information system.

Typical job titles include:
• Information Assurance Analyst
• Information Assurance Officer
• Information Assurance Systems Engineer
• Senior Security Analyst
• Senior Systems Engineer

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: SECURE OPERATIONS, CHANGE MANAGEMENT AND DISPOSAL; SYSTEMS SECURITY ENGINEERING FOUNDATIONS; SYSTEMS IMPLEMENTATION, VERIFICATION AND VALIDATION; RISK MANAGEMENT; SECURITY PLANNING & DESIGN. Weight labels: 17%, 25%, 14%, 14%, 30%.]

125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

TRAINING METHOD | Online Self-Paced

Information Management

CISSP-ISSMP recognizes your knowledge and ability to establish, present and govern information security programs, and demonstrate management and leadership skills.

Typical job titles include:
• Chief Information Officer
• Chief Information Security Officer
• Chief Technology Officer
• Senior Security Executive

DOMAINS
Percentages = Weight on Exam
[Pie chart. Domain labels: LEADERSHIP AND BUSINESS MANAGEMENT; LAW, ETHICS AND SECURITY COMPLIANCE MANAGEMENT; SYSTEMS LIFECYCLE MANAGEMENT; THREAT INTELLIGENCE AND INCIDENT MANAGEMENT; CONTINGENCY MANAGEMENT; RISK MANAGEMENT. Weight labels: 22%, 14%, 19%, 17%, 10%, 18%.]

125 EXAM ITEMS
3 HOUR TIME LIMIT
700/1000 TO PASS

TRAINING METHOD | Online Self-Paced

For more information, visit isc2.org/concentrations


VISION | Inspire a safe and secure cyber world
MISSION | Support and provide members and constituents with credentials, resources and leadership
to address cyber, information, software and infrastructure security to deliver value to society

For more information, visit isc2.org or contact our team for a consult today:
Americas: +1 866 331 4722 ext. 2 | [email protected]
Europe, Middle East and Africa: +44 203 960 7800 | [email protected]
Asia-Pacific: +852 2850 6951 | Japan: +81 3 5322 2837 | China: +86 10 5873 2896 | [email protected]

03/2021
