CISSP Exam Outline-V1115
The broad spectrum of topics included in the CISSP Common Body of Knowledge (CBK) ensures its relevancy
across all disciplines in the field of information security. Successful candidates are competent in the following
8 domains:
Experience Requirements
Candidates must have a minimum of 5 years of cumulative, paid, full-time work experience in 2 or more of the 8
domains of the CISSP CBK. Earning a 4-year college degree (or regional equivalent) or an additional credential
from the (ISC)² approved list will satisfy 1 year of the required experience. Education credit will only satisfy 1
year of experience.
A candidate who does not have the required experience to become a CISSP may become an Associate of (ISC)²
by successfully passing the CISSP examination. The Associate of (ISC)² will then have 6 years to earn the 5
years of required experience.
Accreditation
CISSP was the first credential in the field of information security to meet the stringent requirements of ANSI/ISO/IEC Standard 17024.
Testing center: (ISC)² Authorized PPC and PVTC Select Pearson VUE Testing Centers
1.3 Compliance
1.4 Understand legal and regulatory issues that pertain to information security in a global context
»» Computer crimes
»» Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
»» Import/export controls
»» Trans-border data flow
»» Privacy
»» Data breaches
1.6 Develop and implement documented security policy, standards, procedures, and guidelines
1.11 Integrate security risk considerations into acquisition strategy and practice
1.12 Establish and manage information security education, training, and awareness
2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
2.5 Determine data security controls (e.g., data at rest, data in transit)
»» Baselines
»» Scoping and tailoring
»» Standards selection
»» Cryptography
3.3 Select controls and countermeasures based upon systems security evaluation models
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
»» Client-based (e.g., applets, local caches)
»» Server-based (e.g., data flow control)
»» Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
»» Large-scale parallel data systems
»» Distributed systems (e.g., cloud computing, grid computing, peer to peer)
»» Cryptographic systems
»» Industrial control systems (e.g., SCADA)
3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)
6.3 Collect security process data (e.g., management and operational controls)
»» Account management (e.g., escalation, revocation)
»» Management review
»» Key performance and risk indicators
»» Backup verification data
»» Training and awareness
»» Disaster recovery and business continuity
»» Firewalls
»» Intrusion detection and prevention systems
»» Whitelisting/Blacklisting
»» Third-party security services
»» Sandboxing
»» Honeypots/Honeynets
»» Anti-malware
7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)
7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)
Legal Info
For any questions related to (ISC)²'s legal policies, please contact the (ISC)² Legal Department at legal@isc2.org.
Any Questions?
(ISC)² Candidate Services
311 Park Place Blvd, Suite 400
Clearwater, FL 33759
(ISC)² Americas
Tel: +1.727.785.0189
Email: info@isc2.org
(ISC)² EMEA
Tel: +44 (0)203 300 1625
Email: info-emea@isc2.org