CISSP Exam Requirements

How to get CISSP Certification

In the realm of information security, the Certified Information Systems Security Professional (CISSP) certification stands as a pinnacle of achievement. Widely recognized and respected, CISSP certification validates an individual's expertise in designing, implementing, and managing cybersecurity programs. For aspiring professionals looking to advance their careers in cybersecurity, obtaining CISSP certification is a significant milestone. In this comprehensive guide, we will explore the step-by-step process of acquiring CISSP certification, from understanding the prerequisites to navigating the examination and maintaining certification.

Step 1: Understand the Prerequisites

Before embarking on the journey towards CISSP certification, it is crucial to understand the prerequisites. CISSP candidates must have a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). However, candidates with a four-year college degree or an approved credential may be eligible for a one-year experience waiver.

Step 2: Prepare for the CISSP Examination

Preparation is key to success in the CISSP examination. The exam covers eight domains, including Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security. Candidates can prepare for the exam through self-study using official study guides, attending training courses, and utilizing practice exams and question banks.

Step 3: Pass the CISSP Examination

The CISSP examination consists of 100-150 multiple-choice and advanced innovative questions. Candidates have up to three hours to complete the exam, and a passing score of 700 out of 1000 points is required. Upon passing the exam, candidates must endorse their experience and subscribe to the (ISC)² Code of Ethics to complete the certification process.

Step 4: Complete the Endorsement Process

After passing the CISSP examination, candidates must submit an endorsement application, affirming their professional experience in the field of information security. The endorsement process involves providing details of relevant work experience, including job titles, employment dates, and descriptions of duties performed in each of the CISSP domains. Endorsement applications are reviewed by (ISC)² and typically processed within four to six weeks.

Step 5: Maintain CISSP Certification

Maintaining CISSP certification requires adherence to the Continuing Professional Education (CPE) requirements set forth by (ISC)². CISSP professionals must earn and submit a minimum of 40 CPE credits annually, with a total of 120 CPE credits required over a three-year certification cycle. CPE credits can be earned through various activities, including attending training courses, participating in webinars, publishing articles, and engaging in volunteer work.

CISSP Experience requirements

The requirements include the following components:

• Applicants must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP CBK

OR

• Four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a four-year college degree or a credential from the (ISC)2-approved list

OR

• If you don’t have the experience you can become an Associate of (ISC)² by successfully passing the CISSP exam. You’ll have six years to earn your experience to become a CISSP.
• Note that only a one-year experience exemption is granted for education. Then again, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2 approved list.
• Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires Information Security knowledge and involves the direct application of that knowledge.
• The five years of experience must be the equivalent of actual full-time Information Security work (not just Information Security responsibilities for a five year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

Ten domains of CISSP CBK

CISSP is divided into 8 areas or domains, known collectively as the ‘Common Body of Knowledge CBK’. These domains are:

• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communication and Network Security
• Identity and Access Management
• Security Assesment and Testing
• Security Operations
• Software Development Security

CISSP Professional Experience Requirements

CISSP professional experience includes but not limited to:

• Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
• Work requiring habitual memory of a body of knowledge shared with others doing similar work.
• Management of projects and/or other employees.
• Supervision of the work of others while working with a minimum of supervision of one’s self.
• Work requiring the exercise of judgment, management decision-making, and discretion.
• Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
• Creative writing and oral communication.
• Teaching, instructing, training and the mentoring of others.
• Research and development.
• The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
• Applicable job title examples are CISO, Director, Manager, Supervisor, Analyst, Cryptographer, Cyber Architect, Information Assurance Engineer, Instructor, Professor, Lecturer, Investigator, Computer Scientist, Program Manager, Lead, etc.

Approved Credentials for Experience Waiver:

• CCSP (Cisco Certified Security Professional)
• CCNP Security (Cisco Certified Network Professional Security)
• CERT Certified Computer Security Incident Handler (CSIH)
• Certified Business Continuity Planner
• Certified Computer Crime Investigator (Advanced) (CCCI)
• Certified Computer Crime Prosecutor
• Certified Computer Examiner (CCE)
• Certified Forensic Computer Examiner (CFCE)
• Certified Fraud Examiner (CFE)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Internal Auditor (CIA)
• Certified Protection Professional (CPP)
• Certified Wireless Security Professional (CWSP)
• CIW Web Security Associate
• CIW  Security Analyst
• CIS Web Security Professional
• CIW Web Security Specialist
• CompTIA Security+
• Cyber Security Forensic Analyst (CSFA)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Essentials Certification (GSEC)
• GIAC Certified Firewall Analyst (GCFW)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Windows Security Administrator (GCWN)
• GIAC Certified UNIX Security Administrator (GCUX)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Security Leadership Certification (GSLC)
• GIAC Systems and Network Auditor (GSNA)
• GIAC ISO 27000 Specialists (62700)
• GIAC Certified Forensics Examiner (GCFE)
• GIAC Information Security Professional (GISP)
• GIAC Information Security Fundamentals (GISF)
• Certified Penetration Tester (GPEN)
• Information Security Management Systems Lead Auditor (IRCA)
• Information Security Management Systems Principal Auditor (IRCA)
• MCITP Microsoft Certified IT Professional
• Microsoft Certified Systems Administrator (MCSA)
• Microsoft Certified Systems Engineer (MCSE)
• Master Business Continuity Planner (MBCP)
• Systems Security Certified Practitioner (SSCP)

Once the candidate successfully clears the CISSP exam, his/her qualifications need to be endorsed by another CISSP in good standing. The endorser attests the candidate’s assertions regarding professional experience. If you cannot find a certified individual to act as an endorser, (ISC)² will act as an endorser for you. For further details visit (ISC)2 website http://www.isc2.org.

Enroll in our Advanced Executive Program in Cybersecurity which is designed to help you pass exams in your first attempt and give you deep expertise that you’ll be able to draw upon throughout your IT career.

FAQs

1. Can I take the CISSP exam without experience?

No, candidates must have a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). However, candidates with a four-year college degree or an approved credential may be eligible for a one-year experience waiver.

2. Can anybody take the CISSP?

While anyone can technically register for the CISSP exam, only individuals who meet the experience requirements outlined by (ISC)² are eligible to attain CISSP certification. The certification is designed for experienced professionals working in the field of information security, and candidates must demonstrate a comprehensive understanding of cybersecurity concepts across various domains.

3. Does CISSP require coding?

No, CISSP certification does not specifically require proficiency in coding. While having some knowledge of coding languages may be beneficial, particularly in domains such as Software Development Security, CISSP focuses more on the broader principles and practices of information security, risk management, and security governance.