CISSP Cyber Security Domains

What is CISSP?

CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².


As of January 2022, there are 152,632 (ISC)² members holding the CISSP certification around the world.


In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement.

In May 2020, the UK National Recognition Information Centre (UK NARIC, the designated United Kingdom national agency for the recognition and comparison of international qualifications and skills, acting on behalf of the UK Government) assessed the CISSP qualification as a Level 7 award, the same level as a master's degree. The change will enable cyber security professionals to use the CISSP certification towards higher education course credit and also open up new opportunities for roles that require or recognize master's degrees.

The CISSP curriculum breaks the subject matter down into a variety of Information Security topics referred to as domains. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."

In May 2021 there will be a domain refresh that will impact the weighting of the domains; the domains themselves will not change.



CISSP Domains Scope

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

CISSP Requirements

  1. Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master's degree in Information Security, or for possessing one of a number of other certifications. A candidate without the five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination, valid for a maximum of six years. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.
  2. Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
  3. Answer questions regarding criminal history and related background.
  4. Pass the multiple-choice CISSP exam (three hours, up to 150 questions, in an adaptive exam) with a scaled score of 700 points or greater out of 1000 possible points. You must achieve a pass in all eight domains.
  5. Have their qualifications endorsed by another (ISC)² certification holder in good standing.
