
Understanding the CISSP exam schedule: duration, format, scheduling and scoring [updated 2021]

June 30, 2021 by Graeme Messina

The Certified Information Systems Security Professional (CISSP) qualification is one of the many elite certifications offered by the International Information Security Certification Consortium or (ISC)². This is one of the most sought-after credentials available today. It is a vendor-neutral qualification that encourages candidates to design, create and deploy security systems and protocols within the organization.

What makes this qualification even more prestigious is that you must have a minimum of five years of cumulative, paid full-time work experience relating to two or more of the eight domains of the (ISC)² CISSP common body of knowledge (CBK). Having a four-year college degree or regional equivalent or another credential approved by the (ISC)² will reduce the required experience by one year. Also, if the candidate does not possess the required experience, he or she may become an associate of (ISC)² by successfully passing the CISSP exam and will then have six years to earn the five years of required experience.

The CISSP exam can be thought of as a tool to measure your ability to mitigate risk and increase security, while performing other IT security-related tasks, such as managing information systems and implementing security procedures. The fact that the CISSP is globally recognized means successful candidates will find ample opportunities regardless of their location.

What is the goal of the CISSP exam?

The goal of the CISSP certification exam is to test your technical skills, professional knowledge and experience in effectively designing, engineering and managing the overall security posture of an organization. The CISSP is the right choice for experienced security practitioners, managers and professionals including chief information security officers, IT directors and managers, security analysts and auditors and security systems engineers.

The exam will take you to the next level in your career by strengthening your skills, boosting your self-confidence and expanding your technical knowledge. The CISSP is DoD 8570.1 approved and is listed in the categories of IAT Level III, IAM Level II, IAM Level III, IASAE I and IASAE II.

CISSP exam schedule, duration and format

The English-language exam uses computerized adaptive testing (CAT): candidates have three hours to answer 100 to 150 questions. In all other languages, the exam is a linear, fixed-form test of 250 questions in a six-hour testing window.

| Exam | Time Allotted | Items | Examination Availability |
|---|---|---|---|
| CISSP (English) | 3 hours | 100 – 150 multiple choice and advanced innovative items | English |
| CISSP (Non-English) | 6 hours | 250 multiple choice and advanced innovative items | French, German, Brazilian Portuguese, Spanish – Modern, Japanese, Simplified Chinese and Korean |

The CISSP exam contains multiple-choice and advanced innovative questions that can take a couple of different forms:

  • Drag-and-drop: in this type of question, you need to drag one or more answers from one side of the screen into a box on the other side of the screen. Only drag the correct answer(s).
  • Hotspot: in this type of question, you need to click on a specific point in a graphic representation, such as a diagram of network architecture. The question will usually ask you to identify where a particular component would be located or where a particular type of attack is likely to originate.

The CISSP examination ensures candidates are competent in the following eight domains:

Security and risk management 15%
Asset security 10%
Security architecture and engineering 13%
Communication and network security 13%
Identity and access management 13%
Security assessment and testing 12%
Security operations 13%
Software development security 11%

To obtain the broad spectrum of topics, you can download the CISSP exam outline and/or download the official CISSP guide.

When to schedule your exam

Scheduling will depend entirely on your level of preparedness for the CISSP exam. Give yourself time to study and complete as many practice questions as possible before taking the test. Make sure to use official, certified study materials to gain a thorough understanding of each topic covered, or take a certification preparation course from the many available online for this certification, choosing one that best fits your schedule, needs and learning style. 

When you are ready, you’ll need to schedule your exam through the Pearson VUE website to confirm availability near you. Register for the exam by creating an account with Pearson VUE, and you’ll be presented with testing center and date options. The cost is $749.

Booking and taking the exam

To book the exam, follow these easy steps to make sure you satisfy all of the requirements:

  • Visit the Pearson VUE website
  • Create an account and review the non-disclosure agreement
  • Select the (ISC)² certification exam you are pursuing
  • Schedule your exam
  • Select the best test center for your location
  • Select an appointment date/time
  • Pay for the exam
  • Keep your confirmation email

After you complete the above steps, Pearson VUE will transfer your registration information to (ISC)², Inc. You can also register via telephone; the contact numbers for Pearson VUE can be found here.

What are the identification requirements for testing?

When you arrive at the testing center, you’ll need to provide staff with at least two valid forms of identification. The following ID options are acceptable:

  • A valid state-issued driver’s license
  • A valid state-issued ID card
  • A valid military ID
  • A valid passport
  • A valid green card or resident card

More information regarding the types of acceptable identification to have on exam day can be found here.

What’s the exam arrival process like?

Plan to arrive at least 30 minutes before your CISSP examination is scheduled to begin. It is a good idea to familiarize yourself with the location of the exam center; make sure you are prepared for traffic and other factors that could affect travel time to the testing center. Arriving early also ensures that any identification issues or queries can be addressed without interfering with your certification attempt.

You will be photographed upon arrival and will have to leave all personal belongings outside of the testing room in a secure area. After you sign in, the test administrator will give you a short orientation and then lead you to your computer terminal.

What are the policies for rescheduling, late arrivals and cancellations?

Online cancellations and rescheduling must be done at least 48 hours before the scheduled examination time. Telephone cancellations and rescheduling must be completed at least 24 hours before the appointment. (Note: Pearson VUE charges a rescheduling fee of $50 and a cancellation fee of $100.) After this point, you must either take the test or forfeit your registration fees. Also, if you do not sit for your exam within 365 days of your initial scheduled exam date, you will not be refunded your exam fee.

If you arrive less than 15 minutes before the exam start time, you will be considered late. You will not be able to take the test and will forfeit your examination fee. Candidates are expected to arrive at least 30 minutes before the exam is set to start. The person overseeing the exam will use his or her discretion when deciding whether or not a candidate may take the exam after arriving late. If you are turned away due to late arrival, your exam result will appear in the system as a no-show.

If you fail the test, when can you retake it?

If you do not pass the exam on your first attempt, you will have to wait 30 days before you can retake the test. If you fail a second time, you will have a 90-day waiting period before you can take the exam again. Failing a third time requires a 180-day waiting period. You cannot attempt this exam more than three times in a calendar year, so you must be thoroughly prepared before booking and taking the test.

Note: failing candidates are provided with a breakdown of their proficiency level in each of the domains based on the percentage of questions answered correctly. Candidates are advised whether they reached below, near or above proficiency; this information helps them identify the domains they need to focus on in their further studies.

What is the cost of taking the CISSP exam?

The rates below are correct as of May 1, 2021, and may be subject to change.

| Standard registration | CISSP | ISSAP/ISSEP/ISSMP |
|---|---|---|
| Americas / Asia Pacific / Middle East / Africa | $749 | $599 |
| Europe: United Kingdom | GBP 585 | GBP 479 |

Further details regarding examination pricing can be found here.

Scoring: What does it take to pass the CISSP exam?

The passing standard for the CAT version of the CISSP exam is identical to that of the old linear, fixed-form test (250 questions in a six-hour examination window, administered in all other languages): 700 out of 1000 points.

Preparing and arriving on time for the CISSP exam

The CISSP has been used as a benchmarking tool for cybersecurity experts in the field of information security for years. It is a highly sought-after certification for any IT professionals who are looking to expand their skill sets and grow as security professionals. The exam requires extensive experience on the part of the test candidate, so sound knowledge and practical hands-on experience are required for anyone who decides to attempt the new CISSP exam.

 



Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.
