nnISC2 regularly updates to the CISSP Detailed Content Outline (DCO)nfollowing a new job task analysis (JTA) process, to keep the examnaligned to real-world job role expectations.nn
nn
Effective from April 15, 2024, ISC2 will refresh the CISSP credential exam.nISC2 regularly updates the exams and domain weighting for itsncertifications.n
nnThe updates to the CISSP exam are a result of the latest Job Task Analysisn(JTA), which is run on a triennial cycle as an analysis of the currentncontent of the credential, evaluated by ISC2 members to ensure it accuratelynreflects cybersecurity job roles and tasks.n
nnAs a result of the insights and changes prompted by the JTA, the domainnweights for the CISSP will change as follows:n
n| n | nn
n Current (Effective May 1, 2021)n n |
n
n
n Effective April 15, 2024n n |
n |
| n
n 1n n |
n
n
n Security and Risk Managementn n |
n
n
n 15%n n |
n
n
n 16%n n |
n
| n
n 2n n |
n
n
n Asset Securityn n |
n
n
n 10%n n |
n
n
n 10%n n |
n
| n
n 3n n |
n
n
n Security Architecture and Engineeringn n |
n
n
n 13%n n |
n
n
n 13%n n |
n
| n
n 4n n |
n
n
n Communication and Network Securityn n |
n
n
n 13%n n |
n
n
n 13%n n |
n
| n
n 5n n |
n
n
n Identity and Access Management (IAM)n n |
n
n
n 13%n n |
n
n
n 13%n n |
n
| n
n 6n n |
n
n
n Security Assessment and Testingn n |
n
n
n 12%n n |
n
n
n 12%n n |
n
| n
n 7n n |
n
n
n Security Operationsn n |
n
n
n 13%n n |
n
n
n 13%n n |
n
| n
n 8n n |
n
n
n Software Development Securityn n |
n
n
n 11%n n |
n
n
n 10%n n |
n
| n | nn
n Total:n n |
n
n
n 100%n n |
n
n
n 100%n n |
n
nWhat Has Changed?n
nnDomain 1, Security and Risk Management, has increased in weight from 15% ton16%. Domain 8, Software Development Security, has decreased in weight fromn11% to 10%. All other domain weights remain the same.n
nnIn addition to the domain weighting changes, the time limit for thencomputerized adaptive testing (CAT) exam will be a maximum of three hoursnbeginning April 15, 2024. Candidates taking the CAT version of the examn(currently only available in English) will see a minimum of 100 and anmaximum of 150 items. The linear (Chinese, German, Japanese, Korean andnSpanish) exam length will remain six hours. Candidates taking the linearnversion of the exam will receive 225 total items.n
nnWhy Are Things Changing?n
nnGiven the rate of evolution within the cybersecurity sector, its necessarynto regularly review and update credential exams to maintain alignment withntrends, issues, threats and technologies. We have an obligation to membersnto maintain the relevancy of our credentials using standardized andnrepeatable processes such as the JTA.n
nnThis ensures that the exam items and subsequent continuing professionalneducation requirements fully encompass the topic areas relevant to the rolesnand responsibilities of today’s practicing cybersecurity professionals.n
nnMore detailed differences to the tasks and subtasks can be found in thennexam outline.
n- n
- For more information about the changes, please visit our full FAQn n here. n
- Purchase your exam voucher withn n Peace of Mind Protectionn n and get the assurance of a second sitting, if needed – when purchased inn the month of November. n
- Our exams and course content is developed by member volunteers. Find outn more about joining our volunteer program and earning CPE credits forn your contribution here. n