Blog

Why Does the CISSP Exam Change?

Oct 13, 2020

Updating the CISSP exam – and all (ISC)² exams for that matter –  is a vital part of the certification lifecycle. It ensures that our certifications remain current and relevant in a rapidly changing profession. This, along with our CPE requirements, helps ensure that CISSPs demonstrate their expertise across the latest cybersecurity processes and best practices no matter when they earned their certification.

The administration and rigorous controls to manage the entire lifecycle of our certification exams within (ISC)² are considerable. We have a teams of content developers all holding CISSPs, psychometricians and an array of leading partners to methodically work through our accredited exam development processes. Members’ Annual Maintenance Fees (AMFs) support this entire process to ensure our exams are current, relevant and maintain their top-tier accreditation.  

How is the CISSP Exam Updated?

Updating the CISSP exam, or any (ISC)² exam for that matter, begins with a Job Task Analysis (JTA). We sent out JTA survey invitations to all CISSPs in March of this year asking for your input on the certification’s current domains and subdomains, as well as for feedback on what might be missing from the current blueprint.

Once we get the survey results, we finalize the updated exam blueprint and then begin working with subject matter experts (Want to be one? Learn more here! ) to fill in the new content areas that are added to the blueprint during the JTA. This is all activity done by members for the certifications that they hold. Yes, you can earn CPEs for participating in this process (21 for one workshop), but beyond that you will have the satisfaction of knowing that you are keeping the certification current and relevant for all those who will earn it, and those who already have. 

What are the CISSP Changes?

CISSP-DomainRefresh Last month (ISC)² announced an upcoming update to the CISSP exam . Effective May 1, 2021, the exam will be based on a refreshed exam outline. We also published a CISSP Domain Refresh Guide which can be used as a reference as well.

The number of the domains for the CISSP exam remains eight, and the names of those domains are unchanged. However, two of the domain weights are updating as follows:  

  • Domain 4: Communication and Network Security is decreasing in weight from 14% to 13%
  • Domain 8: Software Development Security is increasing in weight from 10% to 11%

The detailed CISSP exam outline , which includes exam scoring information, domain weights, subdomains and more, for the May 2021 version of the exam is available on the (ISC)² website.