An Introduction to the CISSP Refresh

(ISC)² is one of the leading Cybersecurity cert organizations in the world. They offer numerous certs, such as the following:

  • The Certified Information Systems Security Professional (CISSP);
  • The Systems Security Certified Practitioner (SSCP);
  • The Certified Cloud Security Professional (CCSP);
  • The Certified Authorization Professional (CAP);
  • The Certified Secure Software Lifecycle Professional (CSSLP).

Out of these certs, it is the CISSP that has remained one of the most popular as well as most recognized. Because of this, and the ever-changing Cyber-security landscape, the dynamics of the exam are changing as well, to keep it fresh and up to date with the latest trends.

This article addresses some of the key questions about the recent changes that have occurred to the CISSP.

Frequently Asked Questions Regarding the CISSP Domain Refresh

  1. Why are changes being made to the CISSP?

    The Cyber-security landscape is an ever-changing one. What’s new today could very well be “ice cold” in the short term. The content of the exam needs to remain up to date, to reflect the demands of today’s IT Security professional. The updates that have been made are designed to reflect the new roles and responsibilities of the IT Security professional.

  2. What specifically has changed?

    In general terms, the study content for the exam has been changed and updated to give candidates the most current materials as they prepare for the CISSP. The domain names have been changed as well, as can be seen in the following matrix:

| Old Domain Name | New Domain Name | % Weight on Exam (New) | % Weight on Exam (Old) |
|---|---|---|---|
| Security and Risk Management (Domain 1) | Security and Risk Management (Domain 1) | 15% | 16% |
| Asset Security (Domain 2) | Asset Security (Domain 2) | 10% | 10% |
| Security Engineering (Domain 3) | Security Architecture and Engineering (Domain 3) | 13% | 12% |
| Communications and Network Security (Domain 4) | Communication and Network Security (Domain 4) | 14% | 12% |
| Identity and Access Management (Domain 5) | Identity and Access Management (IAM) (Domain 5) | 13% | 13% |
| Security and Assessment Testing (Domain 6) | Security Assessment and Testing (Domain 6) | 12% | 11% |
| Security Operations (Domain 7) | Security Operations (Domain 7) | 13% | 16% |
| Software Development Security (Domain 8) | Software Development Security (Domain 8) | 10% | 10% |


  3. What is the effective date for all of the changes?

    These changes are effective as of April 15, 2018.

  4. Have there been any changes made to the languages in which the CISSP is available?

    As of the effective date, the languages in which the CISSP will be available are as follows:

  • English
  • French
  • German
  • Brazilian Portuguese
  • Spanish
  • Japanese
  • Chinese
  • Korean

  5. Given these new changes and requirements, has the actual number of questions changed on the CISSP?

    No, it has not. The total number of questions stands at 100-150 multiple-choice questions.

  6. Has the time limit to take the actual exam also changed, in light of these new changes?

    No, the time limit to take the exam has not changed. You still have up to a total of 3 hours to complete it.

  7. Given these new changes, should I change my studying tactics for the exam?

    (ISC)² cannot recommend one way or another how to study. We can recommend materials to help you prepare for the exam, such as the textbooks, study guides, practice questions and practice exams. Keep in mind also that the questions on the exam are experience-based. In other words, the answers to them cannot simply be memorized by reviewing the study material. You have to have the work experience as well. Remember, it takes a combination of that work experience and dedicated study time to pass the exam. Another recommended approach to preparing for the exam is to make use of study groups. This method can also help you pinpoint areas of strength and weakness. Finally, (ISC)² cannot guarantee that you will pass the exam given the various study options and methods that are available to you.

  8. Have the work experience requirements changed as well given these recent updates?

    No, the work experience requirements have not changed in any way. You still must have at least five years of paid, full-time work experience in at least two out of the eight domains listed in the above matrix. Of course, the more experience you have across multiple domains, the greater the statistical probability of passing the exam.

  9. Will there be updated study materials to reflect these new changes in the CISSP?

    Yes, there will be, and the breakdown is as follows:

  • The Official (ISC)² CISSP Training Course, which includes both classroom and virtual training. The new materials will be made available in April 2018.
  • The Sybex CISSP Study Guide will be made available in May 2018.
  • The Official (ISC)² CISSP CBK and the Practice Test Book will be made available sometime during the 3rd quarter of 2018; the exact date has not yet been decided.
  • The CISSP for Dummies will also be made available sometime during the 3rd quarter of 2018; the exact date has not yet been decided.

  10. Why did the domains change for the CISSP?

    As mentioned previously, a primary reason for these changes is the dynamic nature of the Cyber-security landscape. We want our certs to reflect the most current content, tools, methodologies, trends, etc. that are out there in the marketplace. Because of this, we have implemented what is specifically known as the “Job Task Analysis Process.” With this model, we have a panel of security experts who provide their direct input on the latest happenings in Cyber-security. Their feedback is then used to keep both the exam questions and all of the study materials up to date, to keep the hard-earned CISSP credential the most prestigious in the industry.


Overall, this article has examined the top 10 FAQs that are related to the recent changes in the CISSP exam. The FAQs mentioned other types and kinds of study materials, and another great tool to use is the resources that are available from the InfoSec Institute.

Also, keep checking the (ISC)² website for further updates on the CISSP.