CISSP Resource Hub | Infosec Resources

149,174

# of CISSP holders

$114,293

Avg. U.S. salary

5 years

Required experience

CISSP domains

The CISSP exam covers eight knowledge areas, or domains. The current CISSP domains are listed below:

Security and risk management (15%)

This domain covers objectives ranging from foundational security concepts to governance, risk management and privacy. It also covers security policy and procedures and setting up a security awareness program.

Learn More
Asset security (10%)

This domain covers identifying, classifying, handling and retaining assets. It also covers the data lifecycle and determining data security controls and compliance requirements.

Learn More
Security architecture and engineering (13%)

This domain covers engineering processes, and security models and controls. It includes assessing and mitigating vulnerabilities in security architectures and determining cryptographic solutions.

Learn More
Communication and network security (13%)

This domain covers assessing and implementing secure design principles in network architectures, as well as securing network components and implementing secure communication channels.

Learn More
Identity and access management (13%)

This domain covers access control, federated identity with a third-party service, the identity and access provisioning lifecycle, and managing authorization mechanisms and authentication systems.

Learn More
Security assessment and testing (12%)

This domain covers various aspects of assessing, testing and auditing, from design and validation to conducting security control testing to collecting data and analyzing test output.

Learn More
Security operations (13%)

This domain covers complying with investigations, conducting logging and incident management, operating and maintaining detective and protective measures, and recovery strategies, and more.

Learn More
Software development security (11%)

This domain covers the software development life cycle (SDLC), applying security controls in software development ecosystems, assessing software security and the impact of acquired software, and more.

Learn More

Learn more about the CISSP domains.

CISSP requirements: How do I get the CISSP?

There are several CISSP requirements you must meet to earn and maintain your certification.

CISSP eligibility

To earn your CISSP, you must:

Pass the CISSP exam
Sign the (ISC)² code of ethics
Get endorsed by either a fellow CISSP holder or (ISC)² itself
Have five years of work experience in two or more of the CISSP domains. A degree or certain approved certifications can be used to satisfy one year of experience via the CISSP experience waiver.

If you do not have the required work experience upon passing your exam, you will become an Associate of (ISC)², or CISSP Associate, until you meet the experience requirements.

The CISSP Exam

The CISSP exam is updated every three years, and the most recent update went into effect in May 2021. The goal of the exam is to test your knowledge in effectively designing, engineering and managing the overall security posture of an organization. Read an overview of the CISSP exam to learn more.

What is the CISSP exam outline and structure?
- In 2017, the English version of the CISSP exam moved to a Computer Adaptive Test (CAT) format, which changes the difficulty of the questions based on your previous answers. This allowed (ISC)² to cut the test from six hours and 250 questions to a much more manageable three hours and 100–150 questions. In addition to multiple-choice questions, the CISSP exam may include some questions in the drag-and-drop or hotspot format.
  
  Non-English versions of the exam are available in the six-hour linear exam format. However, both versions of the exam feature the same content, which is aligned to the CISSP CBK (Common Body of Knowledge).
How hard is the CISSP exam?
- The CISSP exam has been described as a mile wide and an inch deep, and you need to score “above proficiency” in each domain to pass. That breadth of knowledge may make it difficult for those with more specialized knowledge and experience. Also, the adaptive nature of the CAT exam can make the exam feel more difficult, as each question is designed to be challenging.
  
  CISSP pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec CISSP Boot Camp average a 93% pass rate. For more advice on passing the CISSP exam, check out our 8 tips for CISSP exam success, or download our free ebook, CISSP exam tips from students and instructors.
How do you take the CISSP exam?
- Pearson VUE is the global administrator of all (ISC)² exams, and all CISSP exams must be taken in person at a Pearson Vue test center. To take your CISSP exam, create a Pearson VUE account, find a test location near you and schedule your exam. If you have a CISSP voucher or exam payment included with your CISSP training, you can redeem it during this process.
How much does the CISSP exam cost?
- The CISSP exam costs $749 in all regions except the U.K. (585 pounds) and Europe (665 euros). Person VUE charges $50 (35 pounds and 40 euros) to reschedule your exam and $100 (70 pounds and 80 euros) to cancel your exam. If you do not take your exam within one year of your initial exam scheduled date, you will not be refunded for canceling your exam.
How long does the CISSP certification last?
- CISSP renewal is required or your CISSP certification will expire. This involves two steps:
  - CISSP annual maintenance fee (AMF): A $125 fee must be paid upon certification and every year after (by the anniversary date of getting certified). If you hold more than one (ISC)² certification, only one fee is required to maintain all your (ISC)² certs.
  - CISSP CPEs: (ISC)² requires 120 continuing professional education (CPE) credits over a three-year period, with a recommended goal of 40 CPEs each year. Of those, at least 30 must be from Group A activities, which are directly related to the CISSP domains, and up to 10 can be from Group B activities, which are general professional development activities.
  Learn more about CISSP renewal requirements and earning CISSP CPE credits — or download the (ISC)² CPE Handbook.

Free and self-study CISSP materials

A variety of resources are available to help you prepare for your CISSP exam, but it’s often best to start is with the CISSP exam outline. The CISSP exam blueprint provides an outline of all the objectives included in the CISSP common body of knowledge, and it’s a great launching point for understanding the scope of knowledge required to successfully pass the exam.

CISSP study guides and CISSP books

(ISC)² provides a number of training resources available on Amazon and elsewhere. These include:

Official (ISC)² CISSP CBK Reference, Sixth Edition (from Sybex)
(ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition (from Sybex)
CISSP For Dummies, 6th Edition

Other popular CISSP exam prep guides and PDFs include:

CISSP All-in-One Exam Guide by Shon Harris and Fernando Maymi
CISSP Study Guide by Eric Conrad
Eleventh Hour CISSP: Study Guide by Eric Conrad
Free Sunflower CISSP PDF

You can also download the free CISSP exam tips ebook from Infosec.

CISSP practice questions and exams

CISSP practice exams are a great way to gauge your exam readiness and understand the types of questions you’ll be asked. There are even free CISSP dumps that can be found, although it’s against (ISC)² policy to disclose the actual exam questions being used. A few of the most popular CISSP practice question options are listed below:

(ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests 3rd Edition (from Sybex)
(ISC)² Official CISSP Flash Cards
Boson CISSP practice exam

Most paid CISSP training courses also offer practice questions. For example, Infosec Skills CISSP training has a customizable practice exam with more than 1,500 CISSP questions.

Other free CISSP training resources

There are a number of other free CISSP training materials being produced and shared by the community:

Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the CISSP.
YouTube is another great place to connect with cybersecurity practitioners and learn about the CISSP exam. Although most CISSP courses cost money, there are numerous free CISSP videos available to watch, including our CISSP exam webcast.
Podcasts may not help you directly study for your CISSP exam, but those like the Cyber Work Podcast are a great way to hear about the career and training journeys of fellow IT and cybersecurity professionals.

CISSP jobs and careers

The CISSP is requested in more than 106,000 U.S. job openings, making it the most requested certification in the U.S., according to Cyberseek. Learn more about the CISSP job outlook.

What does a CISSP do?
- The CISSP is useful for a variety of mid- and advanced-level roles due to its broad range of material and five-year experience requirement. Common CISSP titles and job roles include:
  - Chief information security officer (CISO)
  - Chief information officer (CIO)
  - Director of security
  - IT manager or director
  - Security systems engineer
  - Security manager
  - Security analyst
  - Security auditor
  - Security or network architect
  - Security consultant
Is the CISSP worth it?
- For better or worse, the CISSP is often used by HR and hiring managers as an easy way to validate a candidate’s knowledge and experience. While the CISSP can help open doors and land an interview, it’s your knowledge and skills that will help you land the job. The CISSP also satisfies several DoD 8570 requirements (IAT Level III, IAM Level II, IAM Level III, IASAE I and IASAE II) for those working for or contracting with the Department of Defense (DoD).
What is the CISSP salary?
- The average CISSP salary in the U.S. is $114,293, but it varies depending on job role, location, experience and other factors. Those who also hold a CISSP concentration earn even higher average salaries:
  - Average ISSAP salary (U.S): $145,490
  - Average ISSEP salary (U.S): $131,720
  - Average ISSMP salary (U.S): $140,340
What are CISSP concentrations?
- After becoming a CISSP, you have the option of building on your certification by earning a CISSP concentration. These specialized skill sets and credentials can help you further stand out and advance your career.
  - Information Systems Security Architecture Professional (ISSAP): Earning your CISSP-ISSAP validates your expertise in how to develop, design and analyze security solutions.
  - Information Systems Security Engineering Professional (ISSEP): Earning your CISSP-ISSEP validates your expertise in how to apply systems engineering principles and processes to develop secure systems.
  - Information Security System Management Professional (ISSMP): Earning your CISSP-ISSAP validates your expertise in how to establish, present and govern information security programs.
How many people have a CISSP?
- As of July 2021, there are 149,174 CISSP holders worldwide — 92,976 of which are in the U.S. Only a fraction of those also holds a CISSP concentration:
  - ISSAP: 2,158 worldwide (1,318 in the U.S.)
  - ISSEP: 1,272 worldwide (1,233 in the U.S.)
  - ISSMP: 1,324 worldwide (972 in the U.S.)
Where can I find CISSP jobs?
- CISSP is the most requested certification in job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CISSP” for CISSP jobs. There are also cybersecurity-specific job boards, such as the CISSP Job Board, ClearedJobs, infosec-jobs.com and others. Another great way to find CISSP job openings is by joining local and national cybersecurity groups — such as ISSA or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.
  
  To prepare for your job interview, download our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.” Also, check out the Top 10 CISSP interview questions.

Paid CISSP training and exam prep

How long you need to study for the CISSP exam depends on your existing knowledge and experience — and your method of training.

Live CISSP boot camps

For those looking to get certified quickly, a live online or in-person CISSP boot camp may be the best option. For example, the Infosec CISSP Boot Camp allows you to earn your CISSP in one week — with six days of training plus a day to schedule and take your CISSP exam. Other boot camp providers include Training Camp, Learning Tree and Global Knowledge.

The benefits of a live boot camp include:

Live interaction with your instructor and peers: This can be especially useful for more advanced certifications where fellow students have years of real-world experience and situations to share.
Complete training package: Most boot camps come with everything you need to succeed — from live instruction to exam vouchers to books and practice exams. Infosec’s boot camp also comes with extended access to CISSP concentration training (ISSAP, ISSEP and ISSMP) and other hands-on labs to keep your skills sharp after you get certified.
Improved pass rates: Boot camp providers like Infosec stand by their training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you’ll get a second attempt to pass — for free.

Self-paced CISSP training

For those with more time — and self-discipline — a number of training providers offer paid CISSP courses you can complete at your own pace, including companies like Infosec, Cybrary, Udemy and (ISC)².

The benefits of on-demand CISSP training include:

Train at your own pace: Train when it’s convenient for you — whether that’s 30 minutes over your lunch or a few hours on the weekend. There’s no need to set aside 40-60 hours for a week of intense, live instruction.
Build an individual training plan: Since you’ll be training by yourself and not with a group, target your training around the domains and objectives you need to learn the most. Consider joining a study group or connecting with peers if you’d like further insights from your peers.
Take the exam when you feel ready: With more time to study, you’ll have more time to get prepared without feeling like you’ll lose the benefits of the boot camp “exam cram.”

CISSP comparisons and alternatives

Is the CISSP the best certification for you, or would something else be a better fit? Which certification is easier? Which certification should you take first? Which one is better for your career? That all depends on you and your career goals. Check out these articles to learn more:

CISSP — Certified Information Systems Security Professional

What is the CISSP certification?

149,174

# of CISSP holders

$114,293

Avg. U.S. salary

5 years

Required experience

CISSP domains

Security and risk management (15%)

Asset security (10%)

Security architecture and engineering (13%)

Communication and network security (13%)

Identity and access management (13%)

Security assessment and testing (12%)

Security operations (13%)

Software development security (11%)

CISSP requirements: How do I get the CISSP?

CISSP eligibility

The CISSP Exam

Free and self-study CISSP materials

CISSP study guides and CISSP books

CISSP practice questions and exams

Other free CISSP training resources

CISSP jobs and careers

Paid CISSP training and exam prep

Live CISSP boot camps

Self-paced CISSP training

CISSP comparisons and alternatives

Most recent CISSP articles

What is the CISSP-ISSAP? Information Systems Security Architecture Professional

Average ISSEP Salary in 2021

Average ISSMP Salary

Average CISSP salary

CISSP job outlook

Understanding the CISSP exam schedule: duration, format, scheduling and scoring

CISSP certification - The ultimate guide

What is the CISSP-ISSEP? Information Systems Security Engineering Professional