CCSP exam and CBK changes in August 2022
The International Information System Security Certification Consortium or (ISC)², introduced changes to its certified cloud security professional (CCSP) certification on August 1, 2022. This is the second update since its inception in 2015. The purpose of these enhancements is to better align CCSP domains with the latest changes in cloud security and the newest trends in cloud computing technologies and methodologies, including emerging, fast and sophisticated threats.
This article explores the changes to the domains covered by the CCSP certification exam. They are closely related to the roles and responsibilities of today’s practicing cloud security professionals. They are drawn from various topics in the updated (ISC)² CCSP common body of knowledge (CBK), a comprehensive framework of information security terms, principles, skills and techniques that a competent professional must know and use.
By reviewing the new topics covered by the exam, you will be able to identify areas of study that may need additional attention if you want to pass the test on the first attempt.
What changes are made to CCSP domains and their weight?
As a result of the CCSP domain refresh on August 1, 2022, it might seem that only a minor adjustment from the 2019 version was made: a 1% change in the weights for Domain 2: Cloud data security and Domain 5: Cloud security operations. All other domain weights are identical.
|Major Domains||August 2019||August 2022|
|Domain 1: Cloud concepts, architecture and design||17%||17%|
|Domain 2: Cloud data security||19%||20%|
|Domain 3: Cloud platform and infrastructure security||17%||17%|
|Domain 4: Cloud application security||17%||17%|
|Domain 5: Cloud security operations||17%||16%|
|Domain 6: Legal, risk and compliance||13%||13%|
However, in reality, new cloud security concepts have been added, and some content has been removed from the CCSP CBK. All domains have been updated or realigned to test the knowledge and hands-on experience in cloud security architecture, design, operations and service orchestration that today’s professionals need.
Skills covered in each of the CCSP domains
In each of the six CCSP domains, you’ll find critical topics you should know. These are areas you need to study before getting tested. So, go over the modules, as they highlight critical information, to become familiar with and pass the exam for certification.
CCSP Domain 1, Cloud concepts, architecture and design is an overview of cloud computing concepts, models (services and deployments) and principles.
1.1 Understand cloud computing concepts
1.2 Describe cloud reference architecture
1.3 Understand security concepts relevant to cloud computing
1.4 Understand design principles of secure cloud computing
1.5 Evaluate cloud service providers
CCSP Domain 2, Cloud data security is an overview of data classification and categorization, data lifecycle stages, data retention and auditing.
2.1 Describe cloud data concepts
2.2 Design and implement cloud data storage architectures
2.3 Design and apply data security technologies and strategies
2.4 Implement data discovery
2.5 Plan and implement data classification
2.6 Design and implement information rights management (IRM)
2.7 Plan and implement data retention, deletion and archiving policies
2.8 Design and implement auditability, traceability and accountability of data events
CCSP Domain 3, Cloud platform and infrastructure security requires a baseline knowledge of cloud security strategies, risks and responsibilities, and storage, as well as a business continuity program.
3.1 Comprehend cloud infrastructure and platform components
3.2 Design a secure data center
3.3 Analyze risks associated with cloud infrastructure and platforms
3.4 Plan and implementation of security controls
3.5 Plan business continuity (BC) and disaster recovery (DR)
CCSP Domain 4, Cloud application security is an overview of the software development lifecycle, testing, architecture and auditing of cloud services.
4.1 Advocate training and awareness for application security
4.2 Describe the secure software development life cycle (SDLC) process
4.3 Apply the secure software development life cycle (SDLC)
4.4 Apply cloud software assurance and validation
4.5 Use verified secure software
4.6 Comprehend the specifics of cloud application architecture
4.7 Design appropriate identity and access management (IAM) solutions
CCSP Domain 5, Cloud security operations includes ways of achieving data center high availability through redundancy, capacity/maintenance monitoring, risk management and change/configuration monitoring. It also covers data center redundancy and standards.
5.1 Build and implement physical and logical infrastructure for cloud environment
5.2 Operate and maintain physical and logical infrastructure for cloud environment
5.3 Implement operational controls and standards [e.g., information technology infrastructure library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
5.4 Support digital forensics
5.5 Manage communication with relevant parties
5.6 Manage security operations
CCSP Domain 6, Legal, risk and compliance covers the laws, regulations and standards for the protection of data in cloud computing.
6.1 Articulate legal requirements and unique risks within the cloud environment
6.2 Understand privacy issues
6.3 Understand audit process, methodologies, and required adaptations for a cloud environment
6.4 Understand implications of cloud to enterprise risk management
6.5 Understand outsourcing and cloud contract design
Comparison of old and new exams
Effective 1 August 2022, the CCSP exam increased from 100 operational items with 25 pretest (unscored) items to 100 operational items with 50 pretest items. As a result, the exam time increased from three to four hours.
|Exam format||CCSP old exam||CCSP new exam|
|Length of the exam||3 hrs.||4 hrs.|
|Number of questions||125||150|
|Type of questions||Multiple choice||Multiple choice|
|Passing score||700 points out of 1000||700 points out of 1000|
The refreshed CCSP exam costs U.S. $599 and is available in English, Chinese, German, Japanese, Korean and Spanish. Pearson VUE administers tests.
Can I appear for the refreshed CCSP exam with old CCSP material?
Yes, you can take the exam if you already have studied the previous CCSP CBK and have current experience in the field. Nevertheless, (ISC)² cannot guarantee that you will pass the exam merely using old material. To be safe, you should look for updated material and courses based on the latest exam content outline to avoid risking failure on test day.
How do I prepare for the new CCSP exam?
First, you must thoroughly examine the new topics and pay special attention to the recent CCSP CBK because it represents the most up-to-date concepts for the upcoming exam.
Devise a learning path that covers in-depth all cloud security knowledge topics covered by the domains and also focuses on those areas in which you feel less versed. Make full use of available CCSP updated training courses and options listed below.
Begin by checking out the (ISC)² self-study resources webpage, where you can get 50% off official training aids as a member benefit. These options allow CCSP exam candidates to learn at their own pace using traditional textbooks and more contemporary tools, such as interactive flashcards and study apps.
Below are some CCSP instructional materials to help you do better on exam day:
- Official (ISC)² CCSP Study Guide, 2nd Edition
- Official (ISC)² CCSP CBK Reference, 3rd Edition
- Official (ISC)² CCSP Practice Tests, 2nd Edition
The (ISC)² Community features a CCSP study group. Its discussion threads are created by users who are preparing for the exam or have recently passed the test.
The TechExams’ community forum is another group where certification-seekers and -holders can share general information on the exam topics.
The official (ISC)² CCSP training course will help students review and refresh their knowledge and identify areas they need to study. In addition, the (ISC)² official CCSP CBK training seminar can help professionals measure their competence against a globally recognized body of knowledge.
(ISC)² training partners and reputable accredited training providers are also excellent options because they deliver the most relevant, up-to-date course content in various formats to better fit the needs and preferences of students. Online boot camp-style options, for example, provide direct access to an instructor in a condensed format that concentrates live learning into a very limited number of days while giving longer-term access to online resources to fine-tune preparation.
Updates to the CCSP exam and CBK changes
As securing cloud services remains a challenge, those who meet the certification requirements for the CCSP vendor-neutral credential offered by the (ISC)² are sought out by employers for their knowledge and experience of cloud security architecture, design, operations and service orchestration, which this credential certifies.
Preparation is key to grasping the six domains and numerous subdomains and earning one of the most advanced cloud security certifications available today.
For more on the CCSP certification, check out our CCSP certification hub.
- CCSP, (ISC)²
- CCSP Study Group, (ISC)²
- Official Training Partners, (ISC)²
- (ISC)2 Certification Testing, Pearson VUE
- (ISC)² Self-Study Resources, (ISC)²
- CBK Suggested References, (ISC)²
- CCSP: Certification Exam Outline, (ISC)²
- CCSP Domain Refresh FAQ, (ISC)²
- The Ultimate Guide to the CCSP, (ISC)²
- CCSP Training Course Outline, (ISC)²
- CCSP Exam — Many Changes on the Way!, (ISC)² Blog
- CCSP Domain Changes Effective August 1, 2022, (ISC)² Community Manager