ISC2 examinations are continuously evolving alongside the latest in cybersecurity. Each ISC2 examination is in a constant rotating cycle to ensure we are at the forefront of today’s cyber climate. To ensure the needs of cyber professionals are met, the ISC2 Qualifications Team partners with ISC2-certified member volunteers who verify that exam content is consistent with the latest policy, technology and workplace best practices. These subject matter experts (SMEs) participate in Job Task Analyses (JTAs), which take a close look at the knowledge, skills and abilities (KSAs) needed to successfully perform activities in today’s cybersecurity roles.
Of ISC2’s nine certifications, three are considered advanced security certifications and require the highest experience levels. These are Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP) and Information Systems Security Management Professional (ISSMP). To become credentialed in an advanced security certification, a candidate must be a CISSP in good standing and have two years of cumulative, full-time experience in one or more of the exam outline domains, or have a minimum of seven years of cumulative, full-time experience in two or more of the domains.
New Exam Outlines will be in place for the ISSAP, ISSEP and ISSMP beginning August 1, 2025. The domains and domain weights along with their subdomains have been revisited and revised based on the latest JTA.
ISC2 Advanced Security Certification Domains & Weights
ISSAP – ISSAP Exam Outline
- Governance, Risk, and Compliance (GRC) (21%)
- Security Architecture Modeling (22%)
- Infrastructure and System Security Architecture (32%)
- Identity and Access Management (IAM) Architecture (25%)
ISSEP – ISSEP Exam Outline
- Systems Security Engineering Foundations (24%)
- Risk Management (20%)
- Security Planning & Engineering (22%)
- Systems Security Implementation, Verification, and Validation (14%)
- Secure Operations, Change Management, and Disposal (15%)
ISSMP – ISSMP Exam Outline
- Leadership and Organizational Management (21%)
- Systems Lifecycle Management (15%)
- Risk Management (20%)
- Security Operations (18%)
- Contingency Management (12%)
- Law, Ethics, and Security Compliance Management (14%)