The Certified Information Systems Security Professional (CISSP) certification was the first technology-related credential to earn ANSI/ISO/IEC Standard 17024 accreditation, which is why it is often called the gold standard of the information security industry. This makes CISSP one of the most sought-after certifications and a globally recognized standard of achievement. CISSP practice exams can help candidates clear the exam on the first attempt.

Once you achieve your CISSP certification you become a member of an elite network of information security professionals, and you also enjoy exclusive benefits as an (ISC)² member, including valuable resources such as access to leading industry conference registrations worldwide, access to information security webinars, a subscription to InfoSecurity Professional, the (ISC)² members-only digital magazine, access to a Career Center with current job listings, peer networking and idea exchange, and more.

The (ISC)² board of directors continually reviews the entire spectrum of the consortium's education and certification programs to ensure that (ISC)² continues to provide the "gold standard" of professional certification in the information security industry. To maintain the rigorous standard of the CISSP and to meet the challenges of an ever-increasing threat environment, (ISC)² has set the following requirements for achieving CISSP certification.

The requirements include the following components:

CISSP Experience requirements:

Applicants must have a minimum of five years of direct, full-time security professional work experience in two or more of the eight domains of the (ISC)² CISSP CBK, OR

Four years of direct, full-time security professional work experience in two or more of the eight domains of the CISSP CBK, plus a four-year college degree or a credential from the (ISC)²-approved list, OR

If you do not yet have the experience, you can become an Associate of (ISC)² by passing the CISSP exam. You then have six years to earn the required experience and become a CISSP.

Note that education earns at most a one-year exemption from the experience requirement. Likewise, holding an additional credential on the (ISC)²-approved list earns a one-year waiver; the waiver is one year in total, whichever route it comes from. Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor that requires information security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time information security work (not merely holding information security responsibilities for a five-year period); the requirement is cumulative, however, and may have been accrued over a much longer period of time.

Eight domains of the CISSP CBK

The CISSP is divided into eight areas or domains, known collectively as the Common Body of Knowledge (CBK). These domains are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

CISSP Professional Experience Requirements

CISSP professional experience includes, but is not limited to:

  • Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
  • Work requiring habitual memory of a body of knowledge shared with others doing similar work.
  • Management of projects and/or other employees.
  • Supervision of the work of others while working with a minimum of supervision of one’s self.
  • Work requiring the exercise of judgment, management decision-making, and discretion.
  • Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
  • Creative writing and oral communication.
  • Teaching, instructing, training and the mentoring of others.
  • Research and development.
  • The specification and selection of controls and mechanisms (e.g., identification and authentication technology); this does not include the mere operation of those controls.
  • Applicable job title examples are CISO, Director, Manager, Supervisor, Analyst, Cryptographer, Cyber Architect, Information Assurance Engineer, Instructor, Professor, Lecturer, Investigator, Computer Scientist, Program Manager, Lead, etc.

Approved Credentials for Experience Waiver:

  • CCSP (Cisco Certified Security Professional)
  • CCNP Security (Cisco Certified Network Professional Security)
  • CERT Certified Computer Security Incident Handler (CSIH)
  • Certified Business Continuity Planner
  • Certified Computer Crime Investigator (Advanced) (CCCI)
  • Certified Computer Crime Prosecutor
  • Certified Computer Examiner (CCE)
  • Certified Forensic Computer Examiner (CFCE)
  • Certified Fraud Examiner (CFE)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Internal Auditor (CIA)
  • Certified Protection Professional (CPP)
  • Certified Wireless Security Professional (CWSP)
  • CIW Web Security Associate
  • CIW Security Analyst
  • CIW Web Security Professional
  • CIW Web Security Specialist
  • CompTIA Security+
  • Cyber Security Forensic Analyst (CSFA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Security Essentials Certification (GSEC)
  • GIAC Certified Firewall Analyst (GCFW)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Windows Security Administrator (GCWN)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC ISO 27000 Specialist (G2700)
  • GIAC Certified Forensics Examiner (GCFE)
  • GIAC Information Security Professional (GISP)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Certified Penetration Tester (GPEN)
  • Information Security Management Systems Lead Auditor (IRCA)
  • Information Security Management Systems Principal Auditor (IRCA)
  • Microsoft Certified IT Professional (MCITP)
  • Microsoft Certified Systems Administrator (MCSA)
  • Microsoft Certified Systems Engineer (MCSE)
  • Master Business Continuity Planner (MBCP)
  • Systems Security Certified Practitioner (SSCP)

Once the candidate successfully clears the CISSP exam, his or her qualifications must be endorsed by another CISSP in good standing. The endorser attests to the candidate's assertions regarding professional experience. If you cannot find a certified individual to act as an endorser, (ISC)² will act as the endorser for you. For further details, visit the (ISC)² website at http://www.isc2.org.

Enroll in our Advanced Executive Program in Cybersecurity, which is designed to help you pass exams on your first attempt and give you deep expertise that you will be able to draw upon throughout your IT career.

About the Author


Simplilearn is one of the world’s leading providers of online training for Digital Marketing, Cloud Computing, Project Management, Data Science, IT, Software Development, and many other emerging technologies.
