The CISSP Exam is Changing in 2024: What You Need to Know

Sushant Katare, CISSP
3 min read · Dec 27, 2023

The Certified Information Systems Security Professional (CISSP) exam is getting a refresh in 2024. As a CISSP certified cybersecurity professional myself, I want to provide some helpful information to those planning to take or retake the exam after April 15, 2024.

Why the Update?

ISC2, the organization that administers the CISSP, updates the exam every few years to keep it current with the latest trends and technologies in the field of cybersecurity.

The upcoming changes are based on the results of their Job Task Analysis (JTA), which surveys CISSP members to determine the skills and knowledge required for today’s cybersecurity roles and responsibilities.

What’s Changing?

The changes to the CISSP exam are relatively minor:

  • The domain weights have been slightly adjusted, with Domain 1 (Security and Risk Management) increasing from 15% to 16% and Domain 8 (Software Development Security) decreasing from 11% to 10%.
  • Some new material has been added while other topics have been updated or moved between domains. I’ll cover the key changes in more detail below.
  • The computer-based exam will be 3 hours with 100–150 questions.

Thank you, Rob Witcher, for all the effort you put in!

Key Content Changes

Here are some of the most notable updates to the CISSP exam content:

Domain 1 — Security and Risk Management

  • More focus on risk management frameworks like FAIR and TARA
  • Increased emphasis on business continuity and resilience and external dependencies
  • Focus on evaluating, applying and sustaining security governance principles
  • Some information related to cybersecurity insurance policies

Domain 3 — Security Architecture and Engineering

  • KISS — Keep it simple and small
  • Added “trust but verify” alongside zero trust
  • More information added related to OT security

Domain 5 — Identity and Access Management

  • Expanded coverage of access control methods like ABAC and PBAC
  • New material on authentication methods and identity proofing
  • More information on service account management

Domain 7 — Security Operations

  • Enhanced focus on security orchestration, automation, and response (SOAR) tools
  • Enhanced focus on communication, e.g. with stakeholders and regulators

Domain 8 — Software Development Security

  • Added scaled agile framework
  • New content on application security, such as SAST, DAST and IAST
  • More information related to managed services for enterprises

How to Prepare

The good news is that most existing CISSP study materials will still apply, since the changes are relatively small. But it’s important to supplement your studies with updated content that covers the new material.

I recommend reviewing the latest exam outline and identifying any gaps in your knowledge, then filling those gaps through additional studying, training, and hands-on practice. Stay tuned for updated CISSP exam prep resources!

With some focused preparation, CISSP candidates can pass the new exam in 2024. As a fellow certified professional, I’m happy to help answer any other questions you may have! Just leave a comment below or connect with me on LinkedIn.
