ISC2 · 2026 Edition
A complete preparation guide written by ISC2-certified engineers. Covers the exam format, all 8 blueprint domains, a week-by-week study plan, and proven tips for passing the first time.
Prep time: 4–6 months
Difficulty: Advanced
Exam questions: 125
Pass mark: 700/1000
Exam code: CISSP
Full name: CISSP
Vendor: ISC2
Duration: 240 minutes
Questions: 125 items
Passing score: 700/1000 (scaled)
Domains covered: 8 blueprint domains
Recommended experience: 5+ years of paid security work experience across at least 2 of the 8 domains
Typical prep time: 4–6 months
CISSP is the gold standard for senior security professionals. CISSP-certified managers and architects command the highest salaries in information security globally.
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Month 1: Security & Risk Management + Asset Security
Tip: Think like a manager, not a technician — CISSP asks what a senior manager would recommend, not what a tech would configure.
Month 2: Security Architecture + Communication & Network Security
Tip: Security models (Bell-LaPadula, Biba, Clark-Wilson) are tested at conceptual level, not implementation detail.
Month 3: Identity & Access Management + Security Assessment & Testing
Tip: Know IAM frameworks and access control models (DAC, MAC, RBAC, ABAC) and when each applies.
Month 4: Security Operations + Software Development Security
Tip: Incident response, BCP/DR planning, and secure SDLC are the operational heart of the exam.
Month 5+: Full mock exams + weak domain review
Tip: CISSP is adaptive (CAT, 100–150 questions) — pace yourself and flag questions rather than spending too long on any one.
CISSP tests managerial judgment, not technical configuration. When in doubt, choose the answer a CISO would pick.
Risk management dominates: know quantitative risk (ALE = ARO × SLE) and qualitative risk frameworks.
BCP vs DRP vs IR — know where each starts and ends. CISSP tests the boundaries between them.
The (ISC)² CISSP is adaptive (CAT), with between 100 and 150 questions. Don't panic if it goes past 100; the exam continues until it can make a pass/fail decision with confidence.
You need 5 years of professional experience to earn CISSP — an Associate of (ISC)² path exists for those not yet qualified.
Apply everything in this guide with adaptive practice questions, detailed answer explanations, and domain analytics.
Deep-dive explanations of the key topics tested on CISSP — with exam key points and common misconceptions.
CISSP Security Domains
The CISSP is designed for experienced security practitioners who think at a management and architecture level, not just a technical implementation level.
CISSP Access Control & Crypto
Two of the most heavily tested CISSP domains are Identity and Access Management and Security Architecture, and cryptography sits at the intersection of both.