(ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision

Changes to Certified Information Systems Security Professional (CISSP®) and Certified Authorization Professional (CAP®) exams ensure continued relevance and align with latest practices

Clearwater, FL, February 1, 2021 – (ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – announced forthcoming domain refreshes to its popular CISSP certification exam, which will take effect on May 1, 2021, and to its CAP exam, which will take effect on August 15, 2021. The enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. The details of these changes are outlined in a CISSP Domain Refresh FAQ and a CAP Domain Refresh FAQ.

(ISC)² exams are routinely refreshed to reflect the most pertinent issues professionals face. Exam changes are derived from a process called the Job Task Analysis (JTA). The JTA is derived from input and feedback from (ISC)² members who understand the dynamic, real-world changes to the cybersecurity landscape. They map the actual current job tasks performed by certified members to the content of each credentialing exam and the Continuing Professional Education (CPE) credits required to maintain certification. This ensures the exam content remains relevant and that both current and future members are familiar with the latest issues, practices and skills associated with each domain.

“Frequent reviews and changes to our exams are vital to maintaining the high standards of our certifications and keeping them in step with shifts in the cybersecurity industry,” said Dr. Casey Marks, chief product officer and vice president, (ISC)². “It is to the benefit of our members and those who employ them to know that those holding our certifications are consistently being evaluated on and learning about the latest issues and best practices, as defined by their peers in the field. Our continued thanks go to all JTA volunteers for their dedication and hours of commitment that help us keep our certification exams so relevant.”

The CISSP is the most globally recognized certification in the information security market, and was recently named the most valuable security certification for 2021. The broad spectrum of topics covered by the CISSP exam aligns with the Common Body of Knowledge (CBK®), which is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices. It ensures that a certified professional understands all aspects of information security and how different pieces of the information technology ecosystem interact.

The foundational elements of the exam remain, but the weighting of the eight domains – or core disciplinary areas of focus covered – has been refined. The CISSP Certification Exam Outline can be viewed at An updated Official (ISC)² CISSP Training Course will be available in May 2021.

The CAP certification is the best way to demonstrate expertise in the risk management framework (RMF) and is the only certification under the DoD8570 mandate that aligns with each RMF step. It is ideal for cybersecurity professionals who work with the federal government, the U.S. military or organizations worldwide that have adopted the RMF. Changes have been made to the content of the CAP exam to focus on real-world challenges that authorization security professionals face today, along with the best practices needed for mitigation. For instance, privacy controls will now complement security controls in several domains. Some topics have been updated while others have been realigned, and some domain names have been changed to describe the topics within them more accurately. The CAP Certification Exam Outline can be viewed at

About (ISC)²
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit, follow us on Twitter or connect with us on Facebook and LinkedIn.

# # #

© 2021, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of (ISC)², Inc.

Media Contact:
Brian Alberti
Corporate Public Relations Manager
(617) 510-1540