(ISC)² recently announced the CISSP certification has been formally recognized as comparable to the U.K.’s Master’s degree standard, following the completion of an independent benchmarking process. We’ve compiled information here to help members – especially those in the U.K. and across Europe – understand this achievement.

What does the CISSP being assessed as comparable to the U.K. Master’s Degree Standard mean for me and other CISSPs?

While the value and importance of a globally-understood cybersecurity certification is well known within the (ISC)² community, reinforcing the meaning of the certification in relation to other forms of education, and professional distinction and accomplishments is equally important. Doing so aids understanding across educational institutions and employers, and also supports members in unlocking even more value from their hard work by helping in their future career progression.

Who evaluated the CISSP?

This assessment was conducted by U.K. NARIC, the U.K.’s government-designated agency responsible for providing information and expert guidance on academic, vocational and professional qualifications from across the world. It conducted an in-depth study of the CISSP certification, using its well-established methodology for credential evaluation. This involved reviewing core qualification components as well as a comparative analysis of the skills assessed during a candidate’s examination against the Regulated Qualifications Framework (RQF).

What is the RQF?

The U.K.’s Regulated Qualifications Framework (RQF) categorizes qualifications based on their scope, and their level of challenge or difficulty.

The RQF Levels are:

• Level 1 – GCSEs (grades 3-1: previously D-G)
• Level 2 – GCSEs (grades 9-4: previously A*-C), CSE grade 1, O level grade A, B or C
• Level 3 – Advanced level (A level) grade A-E, AS level, Vocational level 3
• Level 4 – Vocational Qualification level 4, CertHE, HNC
• Level 5 – Vocational Qualification level 5, Foundation Degree, DipHE, HND
• Level 6 – Bachelor’s Degree (with or without honors)
• Level 7 – Master’s Degree, Postgraduate Certificate and Diploma, PGCE
• Level 8 – Doctor of Philosophy (DPhil or PhD)

Using this methodology for credential evaluation, U.K. NARIC examined core qualification components as well as a comparative analysis of the skills assessed in the CISSP examination to the RQF and other suitable reference points. The conclusion of this study found that the CISSP certification assessed knowledge and skills comparable to RQF Level 7 standard.

What about the CISSP qualifies it for RQF Level 7?

U.K. NARIC’s assessment made specific reference to the CISSP certification’s clear emphasis on assessing specialized cybersecurity knowledge, and the understanding and application of skills. This includes elements such as organizational problem solving and decision making, awareness and correct use of industrial standards, policy and best practice, along with understanding and appropriate use of methodologies, techniques and training in relation to cybersecurity.

Does this mean that the CISSP is the same as a Master’s degree?

No. RFQ Level 7 means that earning the CISSP is considered an educational achievement that is the same level needed to achieve a Master’s degree, according to U.K. NARIC.

Within the RQF levels, qualifications are not all required to demonstrate the same amount of study or assessment time. Many factors are taken into account to determine the RQF level of a qualification, such as the pass criteria, the level of knowledge, understanding and skills tested, ongoing professional development requirements for maintaining certification, and how those tests are performed, among others. It is not just based on time to completion, or years put toward earning each level of achievement.

I have a CISSP. Is it fair for me to say I now have a Master’s?

No, you have not earned a Master’s or postgraduate qualification as a result of this recognition. However, the CISSP being comparable to RQF Level 7 means that there is a recognised standard framework against which to position the CISSP certification with employers, government agencies and education institutions. This is particularly useful when applying for things such as course credit for other higher education courses, positioning your certification when applying for new roles or promotions, or validating qualifications across borders.

Where does RQF Level 7 recognition apply?

The recognition of the CISSP certification as RQF Level 7 applies in the U.K. However, as the RQF is mapped to the European Qualifications Framework (EQF), the Level 7 status is also recognised across Europe.

Does RQF Level 7 recognition apply in the U.S. or outside of Europe?

It is not formally recognised in the U.S. or elsewhere, as there is no like-for-like education framework, but the U.K. and European recognition may still be accepted by some educational institutions at their own discretion for course credit and proof of eligibility.

Does this change how I can describe my certification on my CV, LinkedIn or biography?

No. The existing rules on how you can describe and use your certification status remain unchanged. You can review our credential usage policy here . Enforcing these requirements is an important part of our accreditation process for all (ISC)² credentials. This applies to all retired designations as well.

Can I learn more about U.K. NARIC?

More information about the U.K. NARIC process can be found in the Benchmarking the (ISC)² CISSP Qualification Executive Summary.