CISSP
ISC2 CISSP
The CISSP (Certified Information Systems Security Professional) from ISC2 is the most globally recognized cybersecurity management certification. It uses Computerized Adaptive Testing (CAT) and covers 8 security domains — from risk management and asset security through software development security. CISSP requires 5 years of paid security experience and is the benchmark credential for security managers, directors, and CISOs.
CISSP Exam Overview
| Detail | Information |
|---|---|
| Full Name | ISC2 CISSP |
| Governing Body | ISC2 |
| Number of Questions | 125 |
| Time Limit | 3 hours |
| Passing Score | 700/1000 |
| Exam Fee | $699 USD |
| Category | IT Certifications |
| C3RT App Available On | iPhone, iPad, and Mac |
| Official Source | ISC2 official website ↗ |
CISSP Content Areas and Domains
| Domain / Content Area | Exam Weight |
|---|---|
| Security and Risk Management | 15% |
| Asset Security | 10% |
| Security Architecture and Engineering | 13% |
| Communication and Network Security | 13% |
| Identity and Access Management | 13% |
| Security Assessment and Testing | 12% |
| Security Operations | 13% |
| Software Development Security | 11% |
Domain weights are approximate and based on the ISC2 content outline. Always verify at the official source before your exam.
Topics Covered
- ✓ Security & Risk Management — governance, legal frameworks, risk analysis, business continuity
- ✓ Asset Security — data classification, data lifecycle, privacy protection, retention
- ✓ Security Architecture & Engineering — secure design principles, cryptography, security models, vulnerabilities
- ✓ Communication & Network Security — network architecture, protocols, secure communication channels
- ✓ Identity & Access Management — identification, authentication, authorization, federated identity, OAuth/SAML
- ✓ Security Assessment & Testing — testing methodologies, log reviews, vulnerability assessment, pen testing oversight
- ✓ Security Operations — investigations, incident management, disaster recovery, change management
- ✓ Software Development Security — SDLC security, application vulnerabilities, DevSecOps, code review
How C3RT Helps You Pass the CISSP
Adaptive Practice
Questions adapt to your weak areas automatically so every study session on the CISSP is time well spent.
Diagnostic Mocks
Full-length mock exams timed to the real CISSP format with detailed score breakdowns by topic.
Mistake Bank
Every wrong answer is saved for targeted re-drill. The system resurfaces your mistakes until they stick.
Native on iOS & Mac
Built with SwiftUI, not a web wrapper. Instant load, offline support, hardware-speed rendering.
CISSP Frequently Asked Questions
What does CISSP stand for?
CISSP stands for Certified Information Systems Security Professional. It is administered by ISC2.
Who administers the CISSP?
The CISSP is administered by ISC2. For official information, visit the ISC2 website.
How many questions is the CISSP?
The CISSP consists of 125 questions. Candidates are given 3 hours to complete the exam.
What is the passing score for the CISSP?
The passing score for the CISSP is 700/1000, as set by ISC2. Scoring methodology and passing standards may be updated periodically. Always verify current requirements with the governing body.
How much does the CISSP exam cost?
The CISSP exam fee is $699 USD. This fee is set by ISC2 and may vary by testing centre, region, or membership status. Additional fees for registration or rescheduling may apply.
What is the CISSP experience requirement?
CISSP requires 5 years of paid full-time work experience in at least 2 of the 8 CISSP CBK domains. A 4-year college degree or approved certification (like CCNA, Security+) waives 1 year. Candidates without the required experience can pass the exam and become an Associate of ISC2, then earn the full CISSP after accumulating the required experience.
What makes CISSP unique compared to other cybersecurity exams?
CISSP uses Computerized Adaptive Testing (CAT) — the exam adapts question difficulty based on your answers. With CAT, you see 125–175 questions in 3 hours (not a fixed number). The exam tests at the "manager level" — you must think like a senior security manager making risk-based decisions, not a technical practitioner. The hardest part for technical candidates is learning to answer from a management perspective.
How long does CISSP preparation take?
Most candidates with relevant experience spend 3–6 months studying, typically 1–2 hours daily. The recommended study approach includes: reading the ISC2 official CISSP study guide, practicing with thousands of questions (especially CISSP-specific scenario questions), and focusing on "why" and business context rather than technical "how." The C3RT app provides 6,000 CISSP practice questions.
Which is harder — CISSP or CISM?
Both are difficult senior-level credentials, but CISSP covers 8 broad technical and management domains, making the breadth of knowledge required larger. CISM focuses on 4 management-centric domains with more depth in security governance and program management. Technical candidates typically find CISSP harder due to its scope; management-focused candidates may find CISM harder due to its strategic orientation. Both require significant experience.
How difficult is the ISC2 CISSP exam?
The CISSP is widely regarded as one of the most challenging security certifications in the industry. It uses Computerized Adaptive Testing (CAT), delivering 125–175 questions, and requires candidates to demonstrate expert-level thinking rather than just recall. Pass rates are not officially published, but industry estimates suggest around 50–60% of first-time candidates pass. Many experienced security professionals need multiple attempts.
What are the eligibility requirements for ISC2 CISSP?
You must have five years of paid, full-time work experience in two or more of the eight CISSP domains. A four-year degree or an approved credential (such as CCSP, SSCP, or Security+) can waive one year of the experience requirement, but at minimum four years of experience are needed. If you pass the exam without meeting the experience requirement, you become an Associate of ISC2 and have up to six years to earn the needed experience — allowing candidates to pursue the CISSP exam early in their career.
How long should I study for the CISSP?
Most candidates invest 3–6 months of dedicated preparation. The Official ISC2 CISSP Study Guide, Destination CISSP by Rob Witcher, and the "Shon Harris" guide are popular resources. Understanding concepts rather than memorizing facts is critical — the exam rewards security management thinking and the mindset of a "manager" rather than a technician.
What career value does the CISSP provide?
CISSP is the gold standard management-level security credential and is widely required for CISO, Security Manager, Security Architect, and senior consultant roles. CISSP-certified professionals typically earn $110,000–$160,000+, making it one of the highest-paying IT certifications in existence.
What is the ISC2 CISSP retake policy?
After a first failure, you must wait 30 days before retesting. After a second failure, a 60-day wait applies. After a third failure, a 90-day wait applies. You are permitted a maximum of three attempts per year. After each failed attempt you receive a detailed performance report to guide further study.
How long is the CISSP credential valid?
The CISSP is valid for three years. Recertification requires 120 Continuing Professional Education (CPE) credits over the three-year cycle along with annual maintenance fees paid to ISC2.
What continuing education is required for CISSP renewal?
Renewal requires 120 CPE credits over three years (40 CPE per year minimum, with at least 20 CPE in domain-specific content annually). ISC2 also charges an Annual Maintenance Fee (AMF). CPE can be earned through attending security conferences, completing training, writing articles, volunteering, and other professional activities.
How does CISSP compare to CISM for senior security roles?
CISSP is a technically broad credential covering eight security domains from cryptography to software security, and is preferred in organizations that value both technical depth and security management. CISM (from ISACA) is narrower, focusing specifically on security management and governance, and is favored for enterprise security managers in governance-heavy environments. Many senior security leaders hold both. CISSP typically carries more weight in technical organizations; CISM is more valued in compliance-focused enterprises.
What is the Associate of ISC2 pathway?
The Associate of ISC2 designation is available to candidates who pass the CISSP exam but have not yet accumulated the required five years of work experience. Associates have up to six years to gain the necessary experience and earn endorsement from an active ISC2 member. This pathway allows ambitious early-career professionals to demonstrate CISSP-level knowledge while building experience — the credential officially converts to full CISSP upon meeting the experience requirement.
C3RT is a native iOS and macOS exam preparation platform covering the ISC2 CISSP, a certification in the IT Certifications category, administered by ISC2. C3RT is not affiliated with or endorsed by ISC2. Certification names and trademarks are the property of their respective organisations. For official exam registration, eligibility requirements, and content outlines, visit the ISC2 official website.