The Certified Information Systems Security Professional (CISSP) credential demonstrates mastery of developing and overseeing large-scale cybersecurity programs. When it comes to the best cybersecurity certifications, many consider CISSP the industry’s gold standard. Individuals who meet CISSP requirements can earn the certification and qualify to take on more professional responsibility in their field.
This guide offers information on CISSP certification requirements, including experience, suggested preparation times and CISSP certification exam costs.
What Is CISSP Certification?
CISSP certification, offered by (ISC)², is an advanced credential for information systems and cybersecurity professionals. This certification highlights an individual’s ability to create, deploy and manage cybersecurity efforts for large organizations.
CISSP certification requirements include a significant amount of professional experience and passing a lengthy exam. This credential suits experienced workers rather than entry-level and mid-level professionals.
Though this certification is not required by employers, it can boost candidates’ earning power and help them qualify for advanced roles in information security. CISSPs often work in positions like chief information security officer (CISO), network architect, security auditor and security manager, among others.
CISSP Certification Requirements
Aspiring CISSPs should familiarize themselves with the certification’s requirements before pursuing this credential.
CISSP certification requirements stipulate that each candidate must have a minimum of five years of relevant professional experience. (ISC)² specifies eight security domains:
- Domain 1: Security and Risk Management
- Domain 2: Asset Security
- Domain 3: Security Architecture and Engineering
- Domain 4: Communication and Network Security
- Domain 5: Identity and Access Management (IAM)
- Domain 6: Security Assessment and Testing
- Domain 7: Security Operations
- Domain 8: Software Development Security
Prospective CISSPs must accumulate experience in two of the eight domains to meet CISSP certification requirements. They can also apply (ISC)²-approved four-year college degrees and other credentials, which may qualify as a year of experience. Paid and unpaid internships also count toward the CISSP requirement.
Pass the Certification Exam
The CISSP exam covers the eight domains of security in a four-hour test comprising 125 to 175 required responses. These appear as multiple-choice questions and advanced innovative items. Test-takers must score 700 out of 1,000 to pass. Candidates register to take the exam with Pearson VUE.
After passing the exam, individuals can apply for endorsement online. The endorsement must come from an (ISC)²-certified professional in good standing who can advocate for your professional experience. Individuals must receive endorsements within nine months of passing the exam.
Cost of Becoming a CISSP
Earning CISSP certification can deliver many professional benefits, but individuals should also understand the costs associated with pursuing the credential. Along with the required time investment, consider the following CISSP certification exam costs and any required payments relating to preparation and recertification.
CISSP Certification Exam Prep
Many organizations offer prep courses for the CISSP certification exam, and their costs vary drastically. Make sure to include exam prep costs, which may range from a few hundred dollars to a few thousand, in your CISSP budget. (ISC)² offers several exam prep methods, including self-paced, instructor-led and team-based options. These offerings can cost over $2,000.
CISSP Certification Exam Cost
The CISSP certification exam costs $749. Individuals can receive vouchers from partner organizations after completing CISSP exam training courses.
Individuals must meet CISSP recertification requirements every three years to maintain their credentials. Each certification-holder must earn 120 continuing professional education (CPE) credits over this three-year period. Costs relating to CPEs can vary significantly, but each certified individual must pay an annual $125 fee to (ISC)².
Common Careers for CISSPs
Individuals who have met CISSP requirements and earned their credentials can pursue work in many information security and cybersecurity roles. As of 2021, the number of open cybersecurity roles far outpaces the number of qualified professionals, indicating strong continued demand in the sector.
Data from Cyberseek.org indicates that among current cybersecurity openings requiring certification, CISSP ranks as the most in-demand credential. The following section explores roles for CISSP certification-holders.
Chief Information Security Officer
Average Annual Salary: Around $172,000
Required Education: Bachelor’s degree in cybersecurity, information security or a related field; master’s preferred
Job Description: CISOs rank among the top positions in information security for responsibility and salary. This C-suite role reports directly to the CEO and requires significant experience, practical skills and expertise in information security.
CISOs oversee their organizations’ information security efforts. Often referred to as “chief security officers,” they supervise teams of infosec workers, set organizational directives, establish company-wide best practices and manage resource allotment. CISOs working in large, international businesses may interact with government agencies and congresspeople to ensure compliance with legal standards for information security.
Information Technology Director
Average Annual Salary: Around $123,000
Required Education: Bachelor’s degree in computer science or related field, MBA often preferred
Job Description: IT directors oversee departments of IT workers and manage organizations’ computer systems operations. They provide solutions to companies’ computer-related issues, including software upgrades, security concerns and general technical issues. IT directors communicate with executives to ensure company-wide directives are carried out successfully.
These directors research new IT software and hardware to keep their organizations up to date and safe. They track metrics for managing IT professionals, along with storage, hardware and software. IT directors also handle employee schedules and departmental budgetary planning. As department heads, they must possess strong communication skills to interact with mid-level professionals and C-suite executives.
Security Analyst
Average Annual Salary: Around $70,500
Required Education: Bachelor’s degree in cybersecurity, computer and information technology or a related field
Job Description: Security analysts work in computer systems, networks and information security departments to prevent, monitor and respond to security breaches. This broad professional title refers to workers who handle a variety of tasks in computer and network security.
These professionals work in many industries as “first responders” for cyberattacks. They must demonstrate deep knowledge of hardware, software and data storage to understand potential vulnerabilities and security solutions. Security analysts may help design security systems and handle encryption efforts for businesses to protect sensitive information.
Network Architect
Average Annual Salary: Around $121,000
Required Education: Bachelor’s degree in network engineering or a related field; master’s in cybersecurity or a related field often preferred
Job Description: Network architects design and implement organizations’ security infrastructures. These professionals test and analyze existing safety structures to identify vulnerabilities and deliver improvements. They handle the installation and maintenance of computer systems, including interconnected devices like firewalls and routers.
Before deploying any updates or upgrades, these information security professionals create models to test their networks in a controlled environment. Modeling allows network architects to forecast security and traffic issues before implementing their infrastructures in the real world. These professionals also train and educate IT workers on organizational best practices.
Frequently Asked Questions About CISSP Requirements
What are the requirements to become CISSP-certified?
The two primary CISSP requirements are passing the exam and gaining five years of relevant professional experience.
No. CISSP certification suits experienced cybersecurity and information security professionals, requiring a minimum of five years of experience in the field.