Earning a Certified Information Systems Security Professional (CISSP) certification goes beyond training and a passing examination score. ISC2 certifications designate that a member has demonstrated the requisite work-related knowledge, skills, or competencies and met the requirements. These include professional experience as established by ISC2 and assessed by an accredited institute. All nine of ISC2’s certification programs are ANAB accredited, assuring that they are developed and maintained with rigorous standards.

In order to earn your CISSP, after passing the exam, a candidate must meet specific experience requirements, be endorsed by an industry insider, pay an Annual Maintenance Fee (AMF), commit to and fully support the ISC2 Code of Ethics.

CISSP Experience Requirements

Candidates must have a minimum of five years of cumulative, full-time work experience in at least two of the eight domains of the current CISSP Exam Outline:

  1. 1. Security and Risk Management
  2. 2. Asset Security
  3. 3. Security Architecture and Engineering
  4. 4. Communication and Network Security
  1. 5. Identity and Access Management (IAM)
  2. 6. Security Assessment and Testing
  3. 7. Security Operations
  4. 8. Software Development Security

Full-time experience is accrued monthly, with one month defined as at least 35 hours per week for four consecutive weeks, while part-time experience must be between 20 and 34 hours per week and is converted at 1,040 hours for six months or 2,080 hours for 12 months of full-time experience. Both paid and unpaid internships qualify with proper documentation on official letterhead, and academic internships may be verified by a registrar.

Candidates may reduce the required experience by up to one year with a post-secondary degree (Bachelor’s or Master’s) in computer science, information technology, or a related field or an approved credential from the ISC2 waiver list. Only one waiver is permitted; a degree and credential cannot be combined to reduce two years of experience.

CISSP Exam Experience Waiver – What Has Changed

As a part of the examination lifecycle, the ISC2 Standards and Practice team reviews the waiver list. The latest revision to the waiver list was implemented April 1, 2026. The evolution of the waiver list is a part of how ISC2 upholds its certification standards and can continue to assure that value is placed on the high-level training and experience of ISC2 certification holders.

Certifications on the active list were reviewed for compliance to the standard by representatives of the Standards and Practice team with support from the Exams Content Development team.

To be included on the Exam Experience Waiver List certifications must have a publicly available exam outline, be ANAB ISO/IEC 17024–accredited (or come from a reputable organization with a proctored exam) and align at least 90% with two or more CISSP domains. Those that did not meet these standards are no longer eligible for the waiver and were removed from the list. Opportunities are continuously evolving; o rganizations as well as candidates can request exams to be reviewed outside of the regular maintenance cycle.

ISC2 Approved Work Experience Waiver Credential List

You can satisfy one year of work experience if you hold one of the approved credentials on the below ISC2 approved list.

AWS Certified Security - Specialty
Certified Cloud Security Professional (CCSP)
Certified in Governance, Risk and Compliance (CGRC)
Certified Information Security Manager (CISM)
Certified Secure Software Lifecycle Professional (CSSLP)
Cisco Certified Internetwork Expert (CCIE) Security
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional Security (CCNP Security)
CompTIA Advanced Security Practitioner (CASP+)
CompTIA CySA+
CompTIA Security+
CompTIA SecurityX
GIAC Global Industrial Cyber Security Professional (GICSP)

GIAC Information Security Fundamentals (GISF)
GIAC Information Security Professional (GISP)
GIAC Security Leadership Certification (GSLC)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Information Systems Security Architecture Professional (ISSAP)
Information Systems Security Engineering Professional (ISSEP)
Information Systems Security Management Professional (ISSMP)
Microsoft Certified Cybersecurity Architect
Systems Security Certified Practitioner (SSCP)
Zscaler Digital Transformation Administrator (ZDTA)
Zscaler Digital Transformation Engineer (ZDTE)
Zscaler Digital Experience Administrator (ZDXA)

Candidates who pass the CISSP exam but do not yet meet the experience requirement have up to six years to complete their experience and during that time can become an Associate of ISC2.