CySA+ Domain #5: Compliance and assessment

Greg Belding
September 20, 2021 by
Greg Belding

The Cyber Security Analyst Plus, or CySA+, certification is intended for cybersecurity analysts with an intermediate level of hands-on cybersecurity work experience. There are not too many certifications geared specifically towards cybersecurity analysts, so this certification will likely be of interest to them and other related cybersecurity roles (there are literally too many to list for brevity’s sake). To earn this certification, certification candidates will need to pass the CySA+ certification exam, which comprises five domains of knowledge. 

Earn your CySA+, guaranteed!

Earn your CySA+, guaranteed!

Get hands-on experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

CySA+ CS0-002 – what has changed since CS0-001

CS0-002 has undergone several changes since the last exam version, but the most applicable to this article is the addition of Domain 5, compliance and assessment. Below is a high-level view of what has changed since the last exam version and a comparison of the differences in domains between CS0-001 and CS0-002.

  • CS0-002 has followed the cybersecurity market trend of “going on the offense with defense” with threat hunting, an essential element of threat intelligence
  • CS0-002 focuses more on software security than systems security
  • Incident response has become more of a focus
  • More content on the cybersecurity regulatory environment has also been added in response to the growing number of cybersecurity regulations
  • These changes have amounted to some material being shifted around into other Domains and an entirely new domain
  • Domain 5 of CS0-002 is nearly all new material

CS0-001 Domains

Domain Percentage of Examination

1.0 Threat Management 27%

2.0 Vulnerability Management 26%

3.0 Cyber Incident Response 23%

4.0 Security Architecture and Tool Sets 24%


CS0-002 Domains

Domain Percentage of Examination

1.0 Threat and Vulnerability Management 22%

2.0 Software and Systems Security 18%

3.0 Security Operations and Monitoring 25%

4.0 Incident Response 22%

5.0 Compliance and Assessment 13%

No matter how you may feel about the seemingly never-ending encroachment of regulations into the cyber world, it will probably continue on its current trajectory into the distant future. With that said, being knowledgeable about the different cybersecurity regulations that you need to be following, the frameworks that they use, as well as the controls and assessments that go hand in hand with them will serve not only your career but also the organization that hires you. The best cybersecurity analyst in the world will be a liability to their organization if they are not aware of the importance of compliance and assessment in the job role. On the opposite side of the coin, having a firm grasp of the knowledge and concepts covered by this domain will make you an invaluable addition to your organization because the CySA+ certification verifies a high level of familiarity with this information, unlike the previous CySA+ exam edition.How Compliance and Assessment will help your career

What is covered in CySA+ Domain 5?

CySA+ Domain 5 goes beyond the superficial exploration of what cybersecurity analysts are expected to know about compliance and assessment and delves into data privacy and protection; given a scenario, apply security concepts in support of organizational risk mitigation; and the relevant frameworks, policies, procedures, and controls involved. Of particular note, given that CySA+ demands an intermediate (or five years) of hands-on professional experience, is the scenario-based application of the knowledge and concepts covered in this domain. Below are the objectives and sub-objectives covered in CySA+ Domain 5.

5.1 Understand the importance of data privacy and protection

  • Privacy vs. security
  • Non-technical controls
    • Classification
    • Ownership
    • Retention
    • Data types
    • Retention standards
    • Confidentiality
    • Legal requirements
    • Data sovereignty
    • Data minimization
    • Purpose limitation
    • Non-disclosure agreement (NDA)

  • Technical controls
    • Encryption
    • Data loss prevention (DLP)
    • Data masking
    • Deidentification
    • Tokenization
    • Digital rights management (DRM)
      • Watermarking
    • Geographic access requirements
    • Access controls

5.2 Given a scenario, apply security concepts in support of organizational risk mitigation

  • Business impact analysis
  • Risk identification process
  • Risk calculation
    • Probability
    • Magnitude
  • Communication of risk factors
  • Risk prioritization
    • Security controls
    • Engineering tradeoffs
  • Systems assessments
  • Documented compensating controls
  • Training and exercises
    • Red team
    • Blue team
    • White team
    • Tabletop exercise

  • Supply chain assessment
    • Vendor due diligence
    • Hardware source authenticity

5.3 Explain the importance of frameworks, policies, procedures, and controls

  • Frameworks
    • Risk-based
    • Prescriptive

  • Policies and procedures
    • Code of conduct/ethics
    • Acceptable use policy (AUP)
    • Password policy
    • Data ownership
    • Data retention
    • Account management
    • Continuous monitoring
    • Work product retention

  • Control types
    • Managerial
    • Operational
    • Technical
    • Preventive
    • Detective
    • Responsive
    • Corrective

  • Audits and assessments
    • Regulatory
    • Compliance

Earn your CySA+, guaranteed!

Earn your CySA+, guaranteed!

Get hands-on experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

Understanding CySA+ domain 5

The new version of the CySA+ certification, CS0-002, contains five domains of knowledge unlike, the four that were in the previous exam version. Among the changes in this new domain, which covers compliance and assessment. While this does amount to an increased workload for certifications candidates, the material covered by CySA+ Domain 5 will make you better equipped to succeed in the dynamic world of cybersecurity analysis and more valuable to your organization.



Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.