CISSP (Certified Information Systems Security Professional) is an information security certification granted by organization (ISC)2.
This post explains the procedure to get CISSP certification through a series of frequently asked questions (FAQs) that are set in logical order.
All questions that are related to the CISSP exam itself (that it is just one of the many requirements to get the CISSP certification) have been written on a different post in this blog.
What are the typical roles that apply for this certification?
Roles that may apply for this certification:
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
What are the requirements to get CISSP Certification?
To get CISSP Certificaiton you need to do two things:
- Achieving a passing score on the CISSP exam within 2 years before applying for certification
- Meet the required professional experience
- Obtain an endorsement from an existing (ISC)2 member
- Pay (ISC)2 Annual Maintenance Fee (AMF)
- Subscribe to the (ISC)2 Code of Ethics
Each requirement is explained in more detail in further questions.
How much cost to get CISSP Certification?
The quick answer is that getting CISSP Certification cost around a thousand dollars ($1,000).
The standard cost, given the assumptions below, is $969.00.
- Preparation material (Sybex Study Guide & Practice Test Bundle): $95.00
- Exam Fees (incl. taxes): $749.00
- Annual ISC2 Membership Fee: $125.00
- The only preparation material you use is Sybex’s Study Guide & Practice Test, and you do not take online courses or similar.
- You pass the exam on the first attempt
In my case, the actual total cost was 873.57 EUR, considering 68.92 EUR of preparation material and 804.65 EUR of exam fees.
In addition, you will need extra costs to maintain the certification yearly.
What is the professional experience required to get CISSP Certification?
To get the CISSP require a minimum of 5-year experience in relevant areas.
1-year of experience can be replaced with one year of education or specific IT certifications. These certifications are detailed below.
Experience must be related to 2 of the 8 CISSP Common Body of Knowledge (CBK) domains. These domains are detailed below.
Read this article for more information about CISSP requirements.
What are the IT certifications that can redeem 1-year of experience?
IT certifications that can redeem 1-year of experience:
- CAP (Certified Authorization Professional)
- ISACA’s CISM
- ISACA’s CISA
- CCIE (Certified Internetwork Expert)
- CCNA Security (Cisco Certified Network Associate Security)
- CASP (CompTIA Advance Security Practitioner)
- CompTIA Security+
- CySA+ (CompTIA Cybersecurity Analyst)
- Many GIAC certifciations
Check the full list on this link
What are the CISSP domains where I must have previous experience?
Domains have a double function:
- Restrict the subjects where you must have professional experience
- Define the content of the CISPP exam
Exam questions are related to any of these domains, but they are not equally distributed and some topics are more frequent. This proportion of domain distribution is pre-set, and changes over the time. The percentage included here change over the time.
Domains that must be studied:
- Domain 1. Security and Risk Management (15%)
- Domain 2. Asset Security (10%)
- Domain 3. Security Architecture and Engineering (13%)
- Domain 4. Communication and Network Security (13%)
- Domain 5. Identity and Access Management (IAM) (13%)
- Domain 6. Security Assessment and Testing (12%)
- Domain 7. Security Operations (13%)
- Domain 8. Software Development Security (11%)
As said, you need to have professional experience on at least 2 domains.
I don’t have the required experience (yet). Can I pass the exam?
You can pass the exam without the required experience.
However, if you want to get CISSP certification, you need to meet requirements in 2 years after passing the exam. Otherwise, you will miss your chance to get the certification.
The is one figure known as CISSP Asociate, that allows you to be entitled like this for 6 years until you get the necessary professional experience.
How is CISSP exam? How do I prepare it?
Please check this post.
Then, how is CISSP-CAT exam?
The score system in the new exam is quite complex.
I would recommend not to worry on this and focus on preparing the exam itself.
There are three types of questions:
- Four-option multiple-choice single-answer
- Four-option multiple-choice multiple-answer
- Advanced innovative questions
Most of the questions are four-option, multiple-choice questions with a single answer.
Some multiple-choice questions may allow you to select more than one answer.
Advance innovative questions
And how is old CISSP exam?
CISSP old exam is the one used for non-English versions of CISSP exam.
It is a 250-question linear, fixed-form flat exam.
I failed the exam. Can I retake it?
You can retake the exam under some conditions:
- You can take the CISSP exam a maximum of 4 times in a 12-month period
- You must wait 30 days after your first attempt before trying a second time
- You must wait an additional 60 days after your second attempt before trying a third time
- You must wait an additional 90 days after your third or subsequent attempts before trying again
You can find the official policy on this link.
Do I need to get endorsed after passing the exam?
Yes, you need to get endorsed by an existing (ISC)2 member after passing the exam.
You need to be endorsed as much as 9 months after you pass the exam.
Who can endorse me?
The person endorsing you need to meet the following criteria:
- Is an active (ISC)² credential holder in good standing
- Is able to attest to your professional experience
If you do not know an (ISC)²-certified professional, you may request (ISC)² to endorse your application.
How do I proceed for endorsement?
You need to complete Online Endorsement Application, and then the person endorsing you (the endorser) will be notified to fill his/her part.
You can find more information about endorsement process on this external link.
How do I pay the Annual Maintenance Fee?
Once you are endorsed, you need to pay the (ISC)2 Annual Maintenance Fee (AMF). It is $125 as of 2021.
There is an (ISC)2 Annual Maintenance Fee per membership, i.e. it is valid for all (ISC)2 certifications. If you are already paying the AMF, you do not need to pay it again.
More information about the Annual Maintenance Fee can be found in this external link.
What is the (ISC)2 Code of Ethics?
The (ISC)2 Code of Ethics must be accepted if you want to get CISSP Certification.
You can check the (ISC)2 Code of Ethics on this external link.
How do I get support during the process?
You can find (ISC)2 contact information on this external link.
How to maintain CISSP Certification?
Requirements to keep CISSP Certifications:
- Pay annual maintenance fee (AMF)
- Earn 120 CPE credits each three-year period
As of 2021, annual maintenance fees (AMF) for the CISSP credentials are $125 per year.
For more information about the AMF, check this external link.
You must also complete continuing professional education requirements. You need to earn 120 Continuing Professional Education (CPE) credits by your third-year anniversary.
For more information about CPE, check the (ISC)2 CPE Handbook and the CPE Opportunity page.
You might be also interested in…
- How to prepare CISSP Exam
- How to get CISA Certification
- How to get CISM Certification
- How to get Certified Ethical Hacker (CEH) Certification
- ISC2; “CISSP Certification“