CISSP Certification Requirements

This outline covers:

The need for professionalism was a serious topic among computer security practitioners for many years. Professionalism was viewed as the way to upgrade this often ill-defined and poorly understood craft into a recognized and disciplined profession. By the mid-1980s, a number of professional societies in North America concluded that a certification process attesting to the qualifications of information security personnel would enhance the credibility of the computer security profession.

Examination

The eligibility requirements to sit for the CISSP examination are completely separate from the eligibility requirements necessary to be certified as a CISSP.

CISSP Exam Structure

The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. The examination covers ten CISSP information systems security test domains drawn from the Common Body of Knowledge (CBK):

Exam Objectives / LearnKey Course

Access Control Systems & Methodology
  Objective: Understand access control techniques and implementation, identification and authentication processes, and commonly employed types of attacks.
  LearnKey course: 150188 - CISSP: Access Control Systems & Methodology

Applications & Systems Development
  Objective: Understand software development, databases, data storage, and common attacks that must be protected against.
  LearnKey course: 150248 - CISSP: Applications & Systems Development Security

Business Continuity Planning
  Objective: Understand preliminary activities including defining project scope and conducting the Business Impact Analysis (BIA), as well as the planning process, plan implementation and testing.
  LearnKey course: 150218 - CISSP: Business Continuity & Disaster Recovery Planning

Cryptography
  Objective: Understand the history, methodologies and practices of cryptography, as well as common security protocols employing cryptography.
  LearnKey course: 150258 - CISSP: Cryptography

Law, Investigation & Ethics
  Objective: Become familiar with principles of computer law and crime, incident handling, evidence, investigation and ethics.
  LearnKey course: 150268 - CISSP: Law, Investigation & Ethics

Operations Security
  Objective: Understand security administration, intrusion detection, auditing, threats and countermeasures.
  LearnKey course: 150208 - CISSP: Operations Security

Physical Security
  Objective: Understand common threats, security controls, facility requirements and environmental issues.
  LearnKey course: 150278 - CISSP: Physical Security

Security Architecture & Models
  Objective: Understand and build security models, as well as understand common security flaws.
  LearnKey course: 150198 - CISSP: Security Architecture & Models

Security Management Practices
  Objective: Understand security risk assessment, policy and other CBK elements of the Security Management Practices domain.
  LearnKey course: 150178 - CISSP: Security Management Practices

Telecommunications, Network & Internet Security
  Objective: Understand LAN technologies, devices and architectures, as well as network security techniques, security protocols and common network attacks.
  LearnKey course: 150288 - CISSP: Telecommunications, Network & Internet Security


To sit for the CISSP examination, a candidate must:

  1. Submit the examination application with the required fee.
  2. Assert that he or she possesses a minimum of four years of professional experience in the information security field or three years plus a college degree.
  3. Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally committing to adhere to the CISSP Code of Ethics.
  4. Successfully answer four questions regarding criminal history and related background.

Certification

To be issued a certificate, a candidate must:

  1. Pass the CISSP exam with a scaled score of 700 points or greater.
  2. Submit a properly completed and executed Endorsement Form.
  3. If the candidate is selected for audit, they must successfully pass that audit of their assertions regarding professional experience.

Endorsement

Once a candidate has been notified of passing the CISSP examination, he or she will be required to have his or her application endorsed by a CISSP before the credential can be awarded. If no CISSP can be found, another qualified professional with knowledge of information systems, or an officer of the candidate's corporation, can be used to validate the candidate's professional experience.

The endorser will attest that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.

Upon receipt of the Endorsement Form and barring a random audit of the candidate's professional experience, the CISSP credential should be awarded within one business day, with a formal notification sent via e-mail.

Auditing

A percentage of the candidates who pass the CISSP examination and submit endorsements will be randomly subjected to audit and required to submit a resume for formal review and investigation.

If the candidate is audited, the credential will be awarded within seven business days, subject to the audit results, and notification sent via e-mail. Naturally, there may be some delays due to mail service or the number of forms received. Audits may also require additional time for verifying information and/or contacting references.

Post Certification

Once an individual has successfully passed an (ISC)2 credentialing examination, continuing education is required to maintain their certification in good standing.

Continuing Professional Education Credits

In addition to paying an annual maintenance fee and subscribing to the Code of Ethics, a CISSP or SSCP must earn continuing professional education credits every three years - or retake their certification examinations. CPE credits are earned by performing activities largely related to the information systems security profession including, but not limited to, the following: