On September 15, 2023, the CSSLP credential exam will see some updates and changes as was previously announced on January 18, 2023. As with all ISC2 certifications, this exam update is based on a Job Task Analysis (JTA) process which ensures the exam accurately reflects the industry.
The JTA process includes a survey of current certification holders to determine how often their knowledge, skills and abilities are represented in the exam outline. Based on their responses, subject matter experts update the exam outline and exam items to accurately reflect that feedback.
An exam that is up to date ensures that those who hold the CSSLP, such as software development and security professionals, are applying best practices during each phase of the Software Development Life Cycle (SDLC).
The CSSLP meets the U.S. Department of Defense (DoD) Directive 8570.1 which is required for many government jobs. The CSSLP exam may be the next step in your career development if you are currently in a role like Software Architect, Software Engineer, Software Developer, Software Program Manager, Application Security Specialist, Quality Assurance Manager, IT Director/Manager to name a few.
While the weights of many of the domains of the CSSLP exam are changing it still requires at least four years of work experience in one or more of the eight domains. If you are planning to sit for the CSSLP exam on or after September 15, 2023, and have the necessary work experience, you will still be equally prepared to take the updated CSSLP exam. Only five of the eight domain weights were minimally impacted, and the list was merely re-ordered. While these changes are minor, we still recommend that all exam candidates be familiar with the current domains. The updated domain weights for the CSSLP are in the chart below:
| Previous Domains | Weight | Domains as of Sept 2023 | Weight |
|---|---|---|---|
| DOMAIN 1 | |||
| Secure Software Concepts | 10% | Secure Software Concepts | 12% |
| DOMAIN 2 | |||
| Secure Software Requirements | 14% | Secure Software Lifecycle Management | 11% |
| DOMAIN 3 | |||
| Secure Software Architecture and Design | 14% | Secure Software Requirements | 13% |
| DOMAIN 4 | |||
| Secure Software Implementation | 14% | Secure Software Architecture and Design | 15% |
| DOMAIN 5 | |||
| Secure Software Testing | 14% | Secure Software Implementation | 14% |
| DOMAIN 6 | |||
| Secure Software Lifecycle Management | 11% | Secure Software Testing | 14% |
| DOMAIN 7 | |||
| Secure Software Deployment, Operations, Maintenance | 12% | Secure Software Deployment, Operations, Maintenance | 11% |
| DOMAIN 8 | |||
| Secure Software Supply Chain | 11% | Secure Software Supply Chain | 10% |
If you hold the CSSLP, or any other ISC2 credential, and would like to be involved in the exam writing process, learn more about the ISC2 Volunteer Program and submit your application.
Candidates with questions about an upcoming CSSLP exam may contact the Exam Administration team at examadministration@isc2.org.