CSSLP Domain Refresh FAQ

Q: Why are changes being made to the CSSLP exam?

ISC2 has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that ISC2 follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing software development professional.

Q: How is the CSSLP exam changing?

This certification is geared towards software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment.

As a result of the content refresh, we have updated some of the domain names to describe the topics accurately.


| Previous CSSLP Domain Name | New CSSLP Domain Name |
| --- | --- |
| Domain 1: Secure Software Concepts | Domain 1: Secure Software Concepts |
| Domain 2: Secure Software Requirements | Domain 2: Secure Software Lifecycle Management |
| Domain 3: Secure Software Architecture and Design | Domain 3: Secure Software Requirements |
| Domain 4: Secure Software Implementation | Domain 4: Secure Software Architecture and Design |
| Domain 5: Secure Software Testing | Domain 5: Secure Software Implementation |
| Domain 6: Secure Software Lifecycle Management | Domain 6: Secure Software Testing |
| Domain 7: Secure Software Deployment, Operations and Maintenance | Domain 7: Secure Software Deployment, Operations, Maintenance |
| Domain 8: Secure Software Supply Chain | Domain 8: Secure Software Supply Chain |


The weights for the domains are also changing.


| Major Domains | Weightings (Percentage) |
| --- | --- |
| Domain 1: Secure Software Concepts | 12% |
| Domain 2: Secure Software Lifecycle Management | 11% |
| Domain 3: Secure Software Requirements | 13% |
| Domain 4: Secure Software Architecture and Design | 15% |
| Domain 5: Secure Software Implementation | 14% |
| Domain 6: Secure Software Testing | 14% |
| Domain 7: Secure Software Deployment, Operations, Management | 11% |
| Domain 8: Secure Software Supply Chain | 10% |
| Total | 100% |

Q: Why do domains for ISC2 credential exams change?

Domains change because they reflect a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

Q: When will these changes go into effect?

The changes will begin on September 15, 2023.

Q: In what language will the refreshed CSSLP exam be available?

The refreshed CSSLP exam will be available in English only.

Q: Will this change the number of questions or the time required to take the CSSLP exam?

The CSSLP exam will still have 125 items, and the exam time is still three hours. A passing grade remains 700 out of 1,000.

Q: If I have been studying for the CSSLP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?

ISC2 exams are experience-based: they include experience-based questions that cannot be learned by studying alone. If you already have the experience in the domains covered in CSSLP and believe that you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. ISC2 cannot guarantee you will pass the exam.

Q: Do these updates affect the experience requirement for the CSSLP?

No. For the CSSLP, a candidate is required to have a minimum of four years of cumulative work experience in one or more of the eight domains of the CSSLP CBK.

Q: When will the training course for CSSLP be updated to reflect these changes?

The Official ISC2 CSSLP training course will be updated on September 15, 2023 to reflect the changes to the exam outline.