ISC2 · 2026 Edition
A complete preparation guide written by ISC2-certified engineers. Covers the exam format, all 8 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
Prep time: 2–4 months
Difficulty: Intermediate
Exam questions: 175
Pass mark: 700/1000
Exam code: CISSP
Full name: CISSP
Vendor: ISC2
Duration: 240 minutes
Questions: ~175 items
Passing score: 700 / 1000 (scaled)
Domains covered: 8 blueprint domains
Recommended experience: Foundational IT knowledge recommended
Typical prep time: 2–4 months
Official ISC2 blueprint weights — study time should roughly match these percentages.
Phase 1: Security and Risk Management
Phase 2: Asset Security
Phase 3: Security Architecture and Engineering
Phase 4: Communication and Network Security
Phase 5: Identity and Access Management
Phase 6: Security Assessment and Testing
Phase 7: Security Operations
Phase 8: Software Development Security
Tip for every phase: Study the official exam objectives for that domain before practising questions.
Study the official exam blueprint — weight percentages tell you exactly where to invest prep time.
Practise scenario-based questions regularly — every modern cert exam is scenario-heavy.
Use spaced repetition to retain what you've learned (Courseiva does this automatically).
Book your exam date once you're scoring 80%+ consistently on practice tests.
Review explanations for every wrong answer, not just the question — the 'why' is what makes it stick.
Deep-dive explanations of the key topics tested on CISSP — with exam key points and common misconceptions.
CISSP Security Domains
The CISSP is designed for experienced security practitioners who think at a management and architecture level, not just a technical implementation level.
CISSP Access Control & Crypto
Two of the most heavily tested CISSP domains are Identity and Access Management and Security Architecture, and cryptography sits at the intersection of both.