CISSP (Certified Information Systems Security Professional) is an information security certification granted by organization (ISC)2.
This post explains the procedure to get CISSP certification through a series of frequently asked questions (FAQs) that are set in logical order.
All questions that are related to the CISSP exam itself (that it is just one of the many requirements to get the CISSP certification) have been written on a different post in this blog.
From hardest to easiest, these are the ISC2 certifications: ISSAP, ISSEP, ISSMP CISSP, CCSP, CSSLP, HCISPP, CGRC, SSCP, and CC.
FAQ
What are the typical roles that apply for this certification?
Roles that may apply for this certification:
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
What are the requirements to get CISSP Certification?
To get CISSP Certificaiton you need to meet this requirements:
- Achieving a passing score on the CISSP exam within 2 years before applying for certification
- Obtain an endorsement from an existing (ISC)2 member
- Pay (ISC)2 Annual Maintenance Fee (AMF)
- Subscribe to the (ISC)2 Code of Ethics
To become a Member instead of an Associate, you also need:
- Meet the required professional experience
Each requirement is explained in more detail in further questions.
How much cost to get CISSP Certification?
The quick answer is that getting CISSP Certification cost around a thousand dollars ($1,000).
The standard cost, given the assumptions below, is $969.00.
Breakdown:
- Preparation material (Sybex Study Guide & Practice Test Bundle): $95.00
- Exam Fees (incl. taxes): $749.00
- Annual ISC2 Membership Fee: $125.00
Assumptions:
- The only preparation material you use is Sybex’s Study Guide & Practice Test, and you do not take online courses or similar.
- You pass the exam on the first attempt
In my case, the actual total cost was 873.57 EUR, considering 68.92 EUR of preparation material and 804.65 EUR of exam fees.
In addition, you will need extra costs to maintain the certification yearly.
What is the professional experience required to get CISSP Certification?
To get the CISSP require a minimum of 5-year experience in relevant areas.
1-year of experience can be replaced with one year of education or specific IT certifications, as for example:
- An active certification that appears on the ISC2 Approved List
- A 4-year Baccalaureate degree
Experience must be related to 2 of the 8 CISSP Common Body of Knowledge (CBK) domains. These domains are detailed below.
Part -time experience cannot be less than 20 hours a week and no more than 34 hours a week.
1040 hours of part-time = 6 months of full time experience
2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. Will need documentation on company/organization letterhead confirming applicantion’s position as an intern. If they are interning at a school, the document can be on the registrar’s stationery. Interns may be gaining valuable experience without monetary compensation.
Read this article for more information about CISSP requirements.
What are the IT certifications that can redeem 1-year of experience?
IT certifications that can redeem 1-year of experience:
- CAP (Certified Authorization Professional)
- ISACA’s CISM
- ISACA’s CISA
- CCIE (Certified Internetwork Expert)
- CCNA Security (Cisco Certified Network Associate Security)
- CASP (CompTIA Advance Security Practitioner)
- CompTIA Security+
- CySA+ (CompTIA Cybersecurity Analyst)
- Many GIAC certifciations
Check the full list on this link
What are the CISSP domains where I must have previous experience?
Domains have a double function:
- Restrict the subjects where you must have professional experience
- Define the content of the CISPP exam
Exam questions are related to any of these domains, but they are not equally distributed and some topics are more frequent. This proportion of domain distribution is pre-set, and changes over the time. The percentage included here change over the time.
Domains that must be studied:
- Domain 1. Security and Risk Management (15%)
- Domain 2. Asset Security (10%)
- Domain 3. Security Architecture and Engineering (13%)
- Domain 4. Communication and Network Security (13%)
- Domain 5. Identity and Access Management (IAM) (13%)
- Domain 6. Security Assessment and Testing (12%)
- Domain 7. Security Operations (13%)
- Domain 8. Software Development Security (11%)
As said, you need to have professional experience on at least 2 domains.
I don’t have the required experience (yet). Can I pass the exam?
You can pass the exam without the required experience.
However, if you want to get CISSP Member certification, you need to meet requirements in 2 years after passing the exam. Otherwise, you will miss your chance to get the certification.
There is one figure known as CISSP Associate, that allows you to be entitled like this for 6 years until you get the necessary professional experience.
How is CISSP exam? How do I prepare it?
Please check this post.
Then, how is CISSP-CAT exam?
The score system in the newer exam is quite complex.
I would recommend not to worry on this and focus on preparing the exam itself.
There are three types of questions:
- Four-option multiple-choice single-answer
- Four-option multiple-choice multiple-answer
- Advanced innovative questions
Most of the questions are four-option, multiple-choice questions with a single answer.
Some multiple-choice questions may allow you to select more than one answer.
Advance innovative questions
And how is old CISSP exam?
CISSP old exam is the one used for non-English versions of CISSP exam.
It is a 250-question linear, fixed-form flat exam.
I failed the exam. Can I retake it?
You can retake the exam under some conditions:
- You can take the CISSP exam a maximum of 4 times in a 12-month period
- You must wait 30 days after your first attempt before trying a second time
- You must wait an additional 60 days after your second attempt before trying a third time
- You must wait an additional 90 days after your third or subsequent attempts before trying again
You can find the official policy on this link.
Do I need to get endorsed after passing the exam?
Yes, you need to get endorsed by an existing (ISC)2 member after passing the exam.
You need to be endorsed as much as 9 months after you pass the exam.
Who can endorse me?
The person endorsing you need to meet the following criteria:
- Is an active (ISC)² credential holder in good standing
- Is able to attest to your professional experience
If you do not know an (ISC)²-certified professional, you may request (ISC)² to endorse your application.
In order to be endorsed, you need to get:
- Endorser’s last name
- Endorser’s member ID (it consists of 6 digits)
How do I proceed for endorsement?
You need to complete the Endorsement web (or Online Endorsement Application, probably outdated).
Follow the steps:
- Choose membership type. In case you do not have yet the required CISSP experience to become a full member, choose “Associate”; otherwise choose “Member”.
- Enter endorser details. Enter the endorser details, and then the person endorsing you (the endorser) will be notified to fill their part. If you don’t know an endorser, mark “Request ISC2 to endorse you”.
- Provide 1-year experience waiver evidence (optional)
- Provide job history evidence
You can find more information about endorsement process on this external link.
How do I pay the Annual Maintenance Fee?
Once you are endorsed, you need to pay the (ISC)2 Annual Maintenance Fee (AMF). It is $135 as of 2024.
There is an (ISC)2 Annual Maintenance Fee per membership, i.e. it is valid for all (ISC)2 certifications. If you are already paying the AMF, you do not need to pay it again.
You can pay the AMF by logging in at (ISC)2 webiste and going to menu bar > Profile > Dashboard > Maintenance Fee.
More information about the Annual Maintenance Fee can be found in this external link.
What is the (ISC)2 Code of Ethics?
The (ISC)2 Code of Ethics must be accepted if you want to get CISSP Certification.
You can check the (ISC)2 Code of Ethics on this external link.
How do I get support during the process?
You can find (ISC)2 contact information on this external link.
How can I check how many people has already CISSP certification?
ISC2 provided a website to check the number of certified people by country, but it is not always available.
You can have a try on this external link.
How to maintain CISSP Certification?
Requirements to keep CISSP Certifications:
- Pay annual maintenance fee (AMF)
- Earn 120 CPE credits each three-year period
As of 2021, annual maintenance fees (AMF) for the CISSP credentials are $125 per year.
For more information about the AMF, check this external link.
You must also complete continuing professional education requirements. You need to earn 120 Continuing Professional Education (CPE) credits by your third-year anniversary.
Take into account that the 3-year period is counted from the first day of the month when you obtained the certification. For example, if you passed the exam on 18 April, the CPE period would be from 1-Apr-2000 to 31-Mar-2003.
For more information about CPE, check the (ISC)2 CPE Handbook and the CPE Opportunity page.
How do I recertificate for a lapsed credential?
If you are seeking recertification for a lapsed credential, do not use this application. Instead, please contact programs@isc2.org directly.
You might be also interested in…
- How to prepare CISSP Exam
- How to get CISA Certification
- How to get CISM Certification
- How to get Certified Ethical Hacker (CEH) Certification
External references
- ISC2; “CISSP Certification“