CISSP — Certified Information Systems Security Professional
What is the CISSP certification?
The Certified Information Systems Security Professional, or CISSP certification, is overseen by the non-profit organization (ISC)² and validates your skills around designing, implementing and maintaining a cybersecurity program. It is the most requested certification in U.S. cybersecurity job openings. This is due to the broad range of material the CISSP covers, the on-the-job experience requirements and the CISSP endorsement requirement. This makes the CISSP an easy benchmark for hiring managers looking to confirm a certain level of cybersecurity knowledge and real-world experience in candidates. Get your free ebook, “CISSP exam tips and tricks (to ace your exam on the first try)” to learn more.
The CISSP exam covers eight knowledge areas, or domains. The current CISSP domains are listed below:
Learn more about the CISSP domains.
CISSP requirements: How do I get the CISSP?
There are several CISSP requirements you must meet to earn and maintain your certification.
To earn your CISSP, you must:
- Pass the CISSP exam
- Sign the (ISC)² code of ethics
- Get endorsed by either a fellow CISSP holder or (ISC)² itself
- Have five years of work experience in two or more of the CISSP domains. A degree or certain approved certifications can be used to satisfy one year of experience via the CISSP experience waiver.
If you do not have the required work experience upon passing your exam, you will become an Associate of (ISC)², or CISSP Associate, until you meet the experience requirements.
The CISSP Exam
The CISSP exam is updated every three years, and the most recent update went into effect in May 2021. The goal of the exam is to test your knowledge in effectively designing, engineering and managing the overall security posture of an organization. Read an overview of the CISSP exam to learn more.
What is the CISSP exam outline and structure?
In 2017, the English version of the CISSP exam moved to a Computer Adaptive Test (CAT) format, which changes the difficulty of the questions based on your previous answers. This allowed (ISC)² to cut the test from six hours and 250 questions to a much more manageable three hours and 125–175 questions. In addition to multiple-choice questions, the CISSP exam may include some questions in the drag-and-drop or hotspot format.
Non-English versions of the exam are available in the six-hour linear exam format. However, both versions of the exam feature the same content, which is aligned to the CISSP CBK (Common Body of Knowledge).
How hard is the CISSP exam?
The CISSP exam has been described as a mile wide and an inch deep, and you need to score “above proficiency” in each domain to pass. That breadth of knowledge may make it difficult for those with more specialized knowledge and experience. Also, the adaptive nature of the CAT exam can make the exam feel more difficult, as each question is designed to be challenging.
CISSP pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec CISSP Boot Camp average a 93% pass rate. For more advice on passing the CISSP exam, check out our 8 tips for CISSP exam success, or download our free ebook, CISSP exam tips from students and instructors.
How do you take the CISSP exam?
Pearson VUE is the global administrator of all (ISC)² exams, and all CISSP exams must be taken in person at a Pearson VUE test center. To take your CISSP exam, create a Pearson VUE account, find a test location near you and schedule your exam. If you have a CISSP voucher or exam payment included with your CISSP training, you can redeem it during this process.
How much does the CISSP exam cost?
The CISSP exam costs $749 in all regions except the U.K. (585 pounds) and Europe (665 euros). Pearson VUE charges $50 (35 pounds and 40 euros) to reschedule your exam and $100 (70 pounds and 80 euros) to cancel your exam. If you do not take your exam within one year of your initial exam scheduled date, you will not be refunded for canceling your exam.
How long does the CISSP certification last?
CISSP renewal is required or your CISSP certification will expire. This involves two steps:
- CISSP annual maintenance fee (AMF): A $125 fee must be paid upon certification and every year after (by the anniversary date of getting certified). If you hold more than one (ISC)² certification, only one fee is required to maintain all your (ISC)² certs.
- CISSP CPEs: (ISC)² requires 120 continuing professional education (CPE) credits over a three-year period, with a recommended goal of 40 CPEs each year. Of those, at least 30 must be from Group A activities, which are directly related to the CISSP domains, and up to 10 can be from Group B activities, which are general professional development activities.
Free and self-study CISSP materials
A variety of resources are available to help you prepare for your CISSP exam, but it’s often best to start with the CISSP exam outline. The CISSP exam blueprint provides an outline of all the objectives included in the CISSP common body of knowledge, and it’s a great launching point for understanding the scope of knowledge required to successfully pass the exam.
CISSP study guides and CISSP books
(ISC)² provides a number of training resources available on Amazon and elsewhere. These include:
- Official (ISC)² CISSP CBK Reference, Sixth Edition (from Sybex)
- (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition (from Sybex)
- CISSP For Dummies, 6th Edition
Other popular CISSP exam prep guides and PDFs include:
- CISSP All-in-One Exam Guide by Shon Harris and Fernando Maymi
- CISSP Study Guide by Eric Conrad
- Eleventh Hour CISSP: Study Guide by Eric Conrad
- Free Sunflower CISSP PDF
You can also download the free CISSP exam tips ebook from Infosec.
CISSP practice questions and exams
CISSP practice exams are a great way to gauge your exam readiness and understand the types of questions you’ll be asked. There are even free CISSP dumps that can be found, although it’s against (ISC)² policy to disclose the actual exam questions being used. A few of the most popular CISSP practice question options are listed below:
- (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests 3rd Edition (from Sybex)
- (ISC)² Official CISSP Flash Cards
- Boson CISSP practice exam
Most paid CISSP training courses also offer practice questions. For example, Infosec Skills CISSP training has a customizable practice exam with more than 1,500 CISSP questions.
Other free CISSP training resources
There are a number of other free CISSP training materials being produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the CISSP.
- YouTube is another great place to connect with cybersecurity practitioners and learn about the CISSP exam. Although most CISSP courses cost money, there are numerous free CISSP videos available to watch, including our CISSP exam webcast.
- Podcasts may not help you directly study for your CISSP exam, but those like the Cyber Work Podcast are a great way to hear about the career and training journeys of fellow IT and cybersecurity professionals.
CISSP jobs and careers
The CISSP is requested in more than 106,000 U.S. job openings, making it the most requested certification in the U.S., according to Cyberseek. Learn more about the CISSP job outlook.
What does a CISSP do?
The CISSP is useful for a variety of mid- and advanced-level roles due to its broad range of material and five-year experience requirement. Common CISSP titles and job roles include:
- Chief information security officer (CISO)
- Chief information officer (CIO)
- Director of security
- IT manager or director
- Security systems engineer
- Security manager
- Security analyst
- Security auditor
- Security or network architect
- Security consultant
Is the CISSP worth it?
For better or worse, the CISSP is often used by HR and hiring managers as an easy way to validate a candidate’s knowledge and experience. While the CISSP can help open doors and land an interview, it’s your knowledge and skills that will help you land the job. The CISSP also satisfies several DoD 8570 requirements (IAT Level III, IAM Level II, IAM Level III, IASAE I and IASAE II) for those working for or contracting with the Department of Defense (DoD).
What is the CISSP salary?
The average CISSP salary in the U.S. is $124,000, but it varies depending on job role, location, experience and other factors. Those who also hold a CISSP concentration earn even higher average salaries:
What are CISSP concentrations?
After becoming a CISSP, you have the option of building on your certification by earning a CISSP concentration. These specialized skill sets and credentials can help you further stand out and advance your career.
- Information Systems Security Architecture Professional (ISSAP): Earning your CISSP-ISSAP validates your expertise in how to develop, design and analyze security solutions.
- Information Systems Security Engineering Professional (ISSEP): Earning your CISSP-ISSEP validates your expertise in how to apply systems engineering principles and processes to develop secure systems.
- Information Security System Management Professional (ISSMP): Earning your CISSP-ISSMP validates your expertise in how to establish, present and govern information security programs.
How many people have a CISSP?
As of July 2021, there are 149,174 CISSP holders worldwide — 92,976 of which are in the U.S. Only a fraction of those also hold a CISSP concentration:
- ISSAP: 2,158 worldwide (1,318 in the U.S.)
- ISSEP: 1,272 worldwide (1,233 in the U.S.)
- ISSMP: 1,324 worldwide (972 in the U.S.)
Where can I find CISSP jobs?
CISSP is the most requested certification in job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CISSP” for CISSP jobs. There are also cybersecurity-specific job boards, such as the CISSP Job Board, ClearedJobs, infosec-jobs.com and others. Another great way to find CISSP job openings is by joining local and national cybersecurity groups — such as ISSA or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.
To prepare for your job interview, download our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.” Also, check out the Top 10 CISSP interview questions.
Paid CISSP training and exam prep
How long you need to study for the CISSP exam depends on your existing knowledge and experience — and your method of training.
CISSP comparisons and alternatives
Is the CISSP the best certification for you, or would something else be a better fit? Which certification is easier? Which certification should you take first? Which one is better for your career? That all depends on you and your career goals. Check out these articles to learn more: