
CISSP Exam Requirements

Whether you’re a seasoned security professional or relatively new to the field, the Certified Information Systems Security Professional (CISSP) exam is one of the most common steps toward senior security roles. 

As one of the most widely recognized security certifications, the CISSP can help you command a higher salary and qualify for more senior positions. Roles that commonly list it as a requirement or preference include Chief Security Officer, Chief Information Officer, Security Architect and Security Analyst.

As with any exam, a crucial element of CISSP success is knowing the requirements so you can prepare accordingly. Read on for how to qualify for the CISSP exam and what it covers. 

Experience Requirements

According to the International Information System Security Certification Consortium (ISC2), the body that created and maintains the CISSP, you must have at least five years of cumulative, paid work experience in two or more of the eight CISSP domains before you can be certified. 

The experience must span two or more of the exam domains. ISC2 will waive one year of it (one year in total, the two waivers do not stack) if you hold either of the following: 

  • A four-year college degree or regional equivalent, which counts as one year of experience
  • A credential from ISC2’s approved list, which also counts as one year of experience

Note that if you do not yet have the required experience, you can still take the exam. If you pass, you become an Associate of ISC2 and have six years to complete the five-year experience requirement and become fully certified.

Examples of credentials on the ISC2 approved list are Certified Computer Examiner (CCE), GIAC Certified Forensic Examiner (GCFE) and Computer Hacking Forensic Investigator (CHFI). The list is updated from time to time, so check the current version on the ISC2 website before relying on a credential for the waiver. 

CISSP Exam Domains

A working knowledge of all eight domains on the CISSP exam is essential for certification. The exam expects you to demonstrate familiarity with each domain and how its topics fit together. 

For the experience requirement, your five years must be spread across at least two of the listed domains. If your work experience does not quite line up, you can still take the exam, but you must complete the experience requirement before official certification.

A table listing each domain is below.

Domain   Description                               Weight (avg)
1        Security and Risk Management              15%
2        Asset Security                            10%
3        Security Architecture and Engineering     13%
4        Communication and Network Security        13%
5        Identity and Access Management            13%
6        Security Assessment and Testing           12%
7        Security Operations                       13%
8        Software Development Security             11%

You should have in-depth knowledge of these domains before you take the exam. ISC2 revises the exam outline every few years and the weights shift by a point or two when it does, so check the current outline on the ISC2 site before you plan your study. If you aren’t familiar with some of the domains, don’t worry; read on for more information on each one and why it is on the exam. 

Security and Risk Management

As the most heavily weighted domain, this is where thin preparation shows first. 

Because the CISSP is a management-level security certification, this domain covers the foundations the rest of the exam builds on. Topics in this domain include: 

  1. Professional ethics, including the ISC2 Code of Ethics
  2. Security concepts such as confidentiality, integrity and availability
  3. Security governance and the legal, regulatory and compliance issues around security management
  4. Requirements for the different investigation types

Other topics in this domain are risk management (risk assessment, control selection, threat modeling), business continuity, personnel security and Supply Chain Risk Management (SCRM). Investigation types include administrative, criminal, civil, regulatory and industry-standards investigations, each with its own evidence and reporting requirements. These subjects are on the exam because they frame every other decision a security professional makes.

Asset Security

Another domain on the exam is asset security: identifying and classifying an organization’s information and other assets, and applying handling requirements that match the classification. 

The focus of this domain is the data lifecycle. You need to understand the data roles (owner, controller, custodian, processor), and data collection, retention, maintenance and destruction (sanitization) for the CISSP exam.

You also need to know the data protection methods the outline names, such as data loss prevention (DLP), digital rights management (DRM) and cloud access security brokers (CASB), and which fits a given situation. Asset security is on the exam because data is the asset most systems exist to protect. 

Security Architecture and Engineering

This domain covers the engineering side of security, from design principles through cryptography to the physical site. A few key points of this domain are: 

  • Secure design principles (least privilege, defense in depth, secure defaults, fail securely, zero trust)
  • Security models and the ability to assess and mitigate vulnerabilities in systems, applications and hardware
  • Cryptographic solutions (symmetric and asymmetric ciphers, hashing, PKI, key management) and the cryptanalytic attacks against them 

If you have previous engineering or systems experience, much of this will be familiar. If you have no experience in this area, give it dedicated study time before you sit the test; the cryptography material in particular is hard to absorb quickly. 

Communication and Network Security

This domain is wider than wireless: it covers secure network design across the OSI and TCP/IP models, IP networking (IPv4 and IPv6), secure protocols, and the security of wireless, cellular and content delivery networks. 

To demonstrate your knowledge of network security, you need to be familiar with cellular and wireless networks, IP networking, secure network components (firewalls, switches, endpoint security) and secure communication channels (VPNs, remote access, voice and video), and related subjects. 

This domain is on the exam because network security remains one of the most in-demand skills in the industry, and most organizations expect a CISSP holder to be able to review a network design. 

Identity and Access Management

One of the most familiar access controls is multi-factor authentication (MFA), which requires a user to present two or more independent factors (something you know, something you have, something you are) so that a stolen password alone is not enough for an attacker. 

For the CISSP exam, test takers should understand MFA and the rest of the identity lifecycle, including: 

  • Federated identity with third-party services (SAML, OpenID Connect and OAuth)
  • Implementing authentication systems (Kerberos, RADIUS and TACACS+)
  • Managing authorization mechanisms (role-based, attribute-based, mandatory, discretionary and rule-based access control)

Because organizations run these processes every day, identity and access management is a core part of the exam.

Security Assessment and Testing

If you have experience in assessment or audit work, this domain will feel familiar. Verifying that controls actually work is central to the CISSP body of knowledge. 

You should know how to design and validate assessment, test and audit strategies (internal, external and third-party), conduct vulnerability assessments and penetration tests, review logs and code, analyze test output and report on it, and facilitate security audits. 

Security Operations

Those with operations or forensics experience will recognize most of this domain. Security operations covers investigations (evidence collection and handling, digital forensics tools and techniques, reporting), and: 

  • Logging and monitoring (SIEM, log management, threat intelligence, user and entity behavior analytics)
  • Resource protection, configuration management and change management
  • Incident management (detection, response, mitigation, reporting, recovery, remediation, lessons learned)
  • Backup and recovery strategies, disaster recovery and business continuity planning

Day-to-day operations is where the other domains are put into practice, which is why this one carries as much weight as the design domains. 

Software Development Security

Experience in software development or application security helps here, but this domain is on the exam for everyone, not only developers. 

It covers integrating security into the software development life cycle (SDLC), security controls in development environments (source code control, CI/CD pipelines, software configuration management), assessing the security of in-house and acquired software (commercial, open source, third-party and managed services), and secure coding practices, including API security and source-code-level weaknesses.

Pricing and Preparation

After you establish that you’re eligible, it’s time to schedule your test. The CISSP is delivered at Pearson VUE test centers on behalf of ISC2.

At the time of writing, the exam cost $749 in the US, with a $50 fee to reschedule and a $100 fee to cancel. Pricing varies by region and changes periodically, so confirm the current fee on the ISC2 website before you book. 

If you qualify for the exam but the fee is a barrier, ISC2 sells prepaid exam vouchers, and many employers will buy one or reimburse the fee for staff pursuing the certification, so ask before paying out of pocket.


ISC2 offers four forms of official exam preparation. Since ISC2 writes the test, its own training is a sensible starting point, but other options are available. The ISC2 offerings are: 

  • Classroom
  • Online instructor-led
  • Online self-paced
  • Self-Study tools

Other preparation options include the Dooey CISSP training course.

Frequently Asked Questions

If you still have questions about requirements for the CISSP exam, read on for common questions asked by prospective test-takers. 

What are the CPE Requirements for CISSP?

After you pass the exam, your learning doesn’t stop. Continuing Professional Education (CPE) credits are earned through activities in your field, such as training, conferences, reading, teaching and volunteering, that keep your knowledge current beyond the exam material. 

CISSP holders must earn 120 CPE credits over each three-year certification cycle, and ISC2 suggests at least 40 per year so you are not scrambling at the end of the cycle. ISC2 counts CPE credits rather than CEUs, so there is no separate CISSP CEU requirement.

Note that these credits are required, together with the annual maintenance fee, to keep the certification active; they are not optional. 

How Long is CISSP Certification Valid?

Once you pass the exam, complete your experience requirement and are endorsed, you are certified for a three-year cycle. 

You renew by earning 120 CPE credits over the cycle (about 40 a year) and paying the annual maintenance fee each year. If you fall short on CPE credits, the certification lapses and you would have to pass the exam again, so track your credits as you go.

How Hard is CISSP to Pass?

We won’t lie: pass rates for the CISSP exam are widely estimated to be below 50%, but ISC2 does not publish them, so treat any figure you see as a guess.

Don’t let that deter you from taking the exam. Some tips are: 

  • Schedule the exam well in advance so you have a fixed deadline 
  • Use multiple study methods (the official study guide, video courses, a study group)
  • Take practice exams, and review why each wrong answer was wrong; the exam rewards managerial judgment over memorization

Meeting the qualifications and prerequisites gets you into the room; disciplined preparation is what gets you through it. 

Can Anyone Take the CISSP Exam?

Yes, with one condition. Anyone can sit the exam, but you receive the CISSP designation only after ISC2 verifies your five years of experience and a current ISC2-certified professional endorses you. If you pass without the experience, you become an Associate of ISC2 and have six years to complete it. If you have no interest in working in the field, though, the certification is probably not worth the effort.

What is the Average Salary of a CISSP?

Although salaries vary widely, most CISSP-certified professionals earn somewhere between $60,000 and $175,000 per year. 

Remember that this depends on where you live, the sector you work in and your experience level, so you may start at the lower end of that range. 

Key Takeaways 

CISSP certification is one of the most sought-after credentials in security hiring. The field is growing quickly, and many organizations specifically ask for a CISSP in senior security roles.

Passing the exam is a prerequisite, but it is the combination of the exam, verified experience and endorsement that earns you the credential. With the right qualifications, mindset and work experience, it is well within reach.