ISC2 · Official Blueprint · Last reviewed May 2026
The official ISC2 CISSP exam covers 8 domains. The vendor does not publish percentage weights for these domains — treat each as an equal part of the exam blueprint.
Covers the topics, concepts, and applied skills examined under the Security and Risk Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Security and Risk Management questions
Network segmentation, zero trust architecture, cloud security models, virtualisation security, and resilience/redundancy design.
Practice Security Architecture and Engineering questions
Covers the topics, concepts, and applied skills examined under the Communication and Network Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Communication and Network Security questions
Covers the topics, concepts, and applied skills examined under the Security Assessment and Testing domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Security Assessment and Testing questions
Covers the topics, concepts, and applied skills examined under the Identity and Access Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Identity and Access Management questions
Covers the topics, concepts, and applied skills examined under the Software Development Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Software Development Security questions
Covers the topics, concepts, and applied skills examined under the Asset Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Asset Security questions
Incident response lifecycle, digital forensics, threat hunting, SIEM/SOAR tools, log analysis, and security automation.
Practice Security Operations questions
The vendor does not currently publish percentage weights for these domains, so Courseiva does not rank them by weight.
Work through each domain systematically — cover fundamentals first, then applied and scenario-based topics.
Never skip a domain regardless of perceived importance. Full coverage is required to pass.
Use Courseiva domain analytics to track your accuracy per domain and route extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.
CISSP Security Domains
The CISSP is designed for experienced security practitioners who think at a management and architecture level, not just a technical implementation level.
CISSP Access Control & Crypto
Two of the most heavily tested CISSP domains are Identity and Access Management and Security Architecture, and cryptography sits at the intersection of both.