Effective Date: November 2018
SSCP Certification Exam Outline
View and download the latest PDF version of the SSCP Certification Exam Outline (Effective November 2018) in the following languages:
Please Note: Effective November 1, 2021, the SSCP exam will be based on a new exam outline. Some domain names and weights will change. If you plan to take the exam after on or after November 1, 2021, please review our FAQs to learn more and reference the following exam outlines:
The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
The broad spectrum of topics included in the SSCP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following seven domains:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Network and Communications Security
- Systems and Application Security
Candidates must have a minimum of one year cumulative work experience in one or more of the seven domains of the SSCP CBK. A one year prerequisite pathway will be granted for candidates who received a degree (bachelors or masters) in a cybersecurity program.
A candidate that doesn’t have the required experience to become an SSCP may become an Associate of (ISC)² by successfully passing the SSCP examination. The Associate of (ISC)² will then have two years to earn the one year required experience. You can learn more about SSCP experience requirements and how to account for
part-time work and internships at www.isc2.org/Certifications/SSCP/experience-requirements.
SSCP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
Job Task Analysis (JTA)
(ISC)² has an obligation to its membership to maintain the relevancy of the SSCP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the SSCP. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.