Top of Page
 

CSSLP Domain Refresh FAQ

Q:

Why are changes being made to the CSSLP exam?

A:
(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)²: follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing software development professional.
Q:

How is the CSSLP exam changing?

A:

This certification is geared towards software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment.

As a result of the content refresh, we have updated some of the domain names to describe the topics accurately. 


Previous CSSLP Domain Name

New CSSLP Domain Name

Domain 1: Secure Software Concepts

Domain 1: Secure Software Concepts

Domain 2: Secure Software Requirements

Domain 2: Secure Software Requirements

Domain 3: Secure Software Design

Domain 3: Secure Software Architecture and Design 

Domain 4: Secure Software Implementation / Programming

Domain 4: Secure Software Implementation

Domain 5: Secure Software Testing

Domain 5: Secure Software Testing

Domain 6: Secure Lifecycle Management

Domain 6: Secure Software Lifecycle Management

Domain 7: Software Deployment, Operations and Maintenance

Domain 7: Secure Software Deployment, Operations, Maintenance

Domain 8: Supply Chain and Software Acquisition

Domain 8: Secure Software Supply Chain

 

The weights for the domains are also changing.


Major Domains

Weightings (Percentage)

Domain 1: Secure Software Concepts

 10%

Domain 2: Secure Software Requirements

 14% 

Domain 3: Secure Software Architecture and Design

 14% 

Domain 4: Secure Software Implementation

 14% 

Domain 5: Secure Software Testing

 14%

Domain 6: Secure Software Lifecycle Management

 11%

Domain 7: Secure Software Deployment, Operations, Management

12%

Domain 8: Secure Software Supply Chain

 11%

Total

 100%

 

Q:

Why do domains for (ISC)² credential exams change?

A:

Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

Q:

When will these changes go into effect?

A:

The changes will begin on September 15, 2020.

Q:

In what language will the refreshed CSSLP exam be available?

A:

The refreshed CSSLP exam will be available in English only.

Q:

Will this change the number of questions or the time required to take the CSSLP exam?

A:

The CSSLP exam will now have 125 items, and the exam time has been changed from four to three hours. A passing grade remains 700 out of 1,000.

Q:

If I have been studying for the CSSLP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?

A:

(ISC)² exams are experience-based that include experience-based questions that cannot be learned by studying alone. If you already have the experience in the domains covered in CSSLP and believe that you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. (ISC)² cannot guarantee you will pass the exam.

Q:

Do these updates affect the experience requirement for the CSSLP?

A:

No. For the CSSLP, a candidate is required to have a minimum of four years cumulative work experience in one or more of the eight domains of the CSSLP CBK.

Q:

When will the training course for CSSLP be updated to reflect these changes?

A:
The Official (ISC)² CSSLP training course will be updated on September 15, 2020 to reflect the changes to the exam outline.
OK