Effective October 23, 2023, ISC2 has introduced an additional path to earning the ISSAP, ISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.
"This change makes the ISSAP, ISSEP and ISSMP accessible to more professionals who are interested in earning a certification that specifically demonstrates their advanced knowledge, skills and abilities in the fields of security architecture, security engineering and security management respectively.” said ISC2 Chief Qualifications Officer, Casey Marks, PhD. “The CISSP path still exists, and this new path recognizes the value of significant experience in the field.”
It is important to note that the new, non-CISSP path to the ISSAP, ISSEP and ISSMP certifications increases the opportunities for those information technology/cybersecurity professionals with significant experience to earn these advanced certifications without pursuing the CISSP certification first.
How to earn and maintain the ISSAP, ISSEP or ISSMP
There are two ways to earn and maintain these specialized, role-based certifications.
If you have a CISSP certification:
- You must have at least two years of experience in two or more of the domains of the ISSAP, ISSEP or ISSMP.
- Pass your exam and submit your certification application.
- To maintain your ISSAP, ISSEP or ISSMP, you will need to earn 60 CPE credits in each 3-year term.
- There is no additional AMF for earning and maintaining ISSAP, ISSEP or ISSMP.
If you do not have a CISSP certification:
- You must have at least seven years of experience in two or more of the domains of the ISSAP, ISSEP or ISSMP.
- Pass your exam and submit your certification application.
- To maintain your ISSAP, ISSEP or ISSMP, you will need to earn 140 CPE credits in each 3-year term.
- If you already hold the CC, your AMF will increase by U.S. $75.
- If this is your first ISC2 certification, your AMF will be U.S. $125.
What this means for those with ISSAP, ISSEP, ISSMP
If you’ve already earned the ISSAP, ISSEP or ISSMP, there is a minor change to how you will present your certifications. Keeping in line with the ISC2 policy of listing certifications in order of most-to-least experience required, these certifications will now come first after your name.
For example: Daniella Vega, CISSP-ISSAP becomes Daniella Vega, ISSAP, CISSP.
Who should earn the ISSAP, ISSEP or ISSMP?
These specialized, role-based certifications are ideal for security professionals looking to demonstrate advanced knowledge and experience in particular areas of cybersecurity.
The ISSAP – Information Systems Security Architecture Professional – is ideal for individuals focused on security architecture, including roles like:
- Systems or network architect
- System and network designer
- Business analyst
The ISSEP – Information Systems Security Engineering Professional – is suited for professionals who are working primarily as security engineers, with titles including:
- Senior systems engineer
- Information assurance systems engineer
- Information assurance officer or analyst
And finally, ISSMP – Information Systems Security Management Professional – would be a certification to pursue for those working in a senior leadership role, such as:
- Chief information officer (CIO)
- Chief information security officer (CISO)
- Chief technology officer (CTO)
If you’re interested in pursuing your ISSAP, ISSEP or ISSMP, join a Study Group on our online Community.