ISC2 · Official Blueprint · Last reviewed May 2026
The official ISC2 CISSP exam covers 8 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.
Covers the topics, concepts, and applied skills examined under the Security and Risk Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Asset Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Network segmentation, zero trust architecture, cloud security models, virtualisation security, and resilience/redundancy design.
Covers the topics, concepts, and applied skills examined under the Communication and Network Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Identity and Access Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Security Assessment and Testing domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Incident response lifecycle, digital forensics, threat hunting, SIEM/SOAR tools, log analysis, and security automation.
Covers the topics, concepts, and applied skills examined under the Software Development Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
The heaviest domain on the CISSP is "Security and Risk Management" at null%. Start here and return to it regularly.
Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.
Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.
Use Courseiva domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.
CISSP Security Domains
The CISSP is designed for experienced security practitioners who think at a management and architecture level, not just a technical implementation level.
CISSP Access Control & Crypto
Two of the most heavily tested CISSP domains are Identity and Access Management and Security Architecture, and cryptography sits at the intersection of both.