ISC2

CISSP

Certified Information Systems Security Professional

The gold-standard certification for senior security practitioners and managers, covering eight domains from risk management to software security. Frequently required for security leadership and US DoD 8570/8140 roles.

$749 · Up to 3 hours (English CAT)

What's on the exam

CISSP Exam Outline (effective April 2024)

Security and Risk Management

16%

Security governance and the CIA triad · Compliance and legal/regulatory issues · Risk management concepts · Security policies and awareness · Business continuity requirements

Asset Security

10%

Data and asset classification · Asset handling and retention · Data lifecycle and roles · Data security controls (DLP, DRM)

Security Architecture and Engineering

13%

Security models and design principles · Cryptography · Vulnerabilities of system architectures · Site and facility security · Security capabilities of information systems

Communication and Network Security

13%

Secure network design · OSI and TCP/IP models · Secure protocols · Network components and segmentation · Secure communication channels

Identity and Access Management (IAM)

13%

Identification and authentication · Federated identity and SSO · Authorization mechanisms · Identity lifecycle management · Access control models

Security Assessment and Testing

12%

Vulnerability assessments · Penetration testing · Security audits · Log review and test output analysis · Security control testing strategies

Security Operations

13%

Incident management · Logging and monitoring (SIEM) · Disaster recovery · Investigations and digital forensics · Patch and change management

Software Development Security

10%

Security in the SDLC · Secure coding guidelines · Software security testing · Development environment security · Risk of acquired software

Frequently asked questions

How much does the CISSP cost?

The CISSP exam costs $749, plus an ISC2 annual maintenance fee once you are certified.

How long is the CISSP and how many questions does it have?

100–150 items, with up to 3 hours to complete them (English CAT).

What do you need to pass the CISSP?

Scaled score of 700 out of 1000.

Can you retake the CISSP?

Yes. You must wait 30 days after a first failed attempt, 60 days after a second, and 90 days after a third, with a maximum of 4 attempts in any 12-month period.

What is the best way to study for the CISSP?

Study the official blueprint, not random material: the exam is weighted by domain (Security and Risk Management 16%, Asset Security 10%, Security Architecture and Engineering 13%, Communication and Network Security 13%, Identity and Access Management (IAM) 13%, Security Assessment and Testing 12%, Security Operations 13%, Software Development Security 10%). Spaced-repetition flashcards built domain-by-domain against that blueprint are the most time-efficient way to cover everything the exam tests.

Program in development

We're building a blueprint-complete program for this exam. Meanwhile, explore live programs across 7 exams.

Explore programs →