Our Credentialing Process
If you’re pursuing an
(ISC)² certification, the following steps will guide you through the process of
1. Obtain the Required Experience
The years of experience required for certification depends on
the particular credential that you are pursuing. Valid experience
includes information systems security-related work performed, or
work that requires information security knowledge and involves
direct application of that knowledge. The experience required for
each (ISC)² certification is as follows:
- SSCP - 1 year of
cumulative work experience in 1 or more of the 7 domains of the
- CAP - 2 years of direct,
full-time, information systems security certification and
authorization professional work experience in 1 or more of the
7 domains of the CAP CBK
- CSSLP - A minimum of 4
years of professional experience in the software lifecycle (SDLC)
field in 1 or more of the 8 domains of the CSSLP CBK
- CISSP - A minimum of 5
years of direct, full-time security professional work experience in
2 or more of the 8 domains of the CISSP CBK ; *One year of work
experience may be waived with a four-year or higher
college degree or approved credential.
Concentrations - 2 years of professional work
experience in the area of architecture, engineering, or management
for the CISSP-ISSAP®, CISSP-ISSEP® , or CISSP-ISSMP®
- CCFP - A 4-year college
degree leading to a Baccalaureate, or regional equivalent, plus 3
years of full time digital forensics or IT security experience in
at least 3 of the 6 domains of the (ISC)² CCFP CBK
6 years of experience in 3 or more of the (ISC)² CCFP CBK domains;
*1 year of work
experience may be waived with an approved forensics
- HCISPP - A minimum of
2 years of cumulative paid full-time work experience in 1 domain of
the credential with the exception that 1 year of the cumulative
experience must be in any combination of the first 3 domains in
Healthcare (Healthcare Industry, Regulatory Environment in
Healthcare, and Privacy & Security in Healthcare). The
remaining 1 year of experience can be optionally in any of the
remaining 3 HCISPP domains (Information Governance and Risk
Management, Information Risk Assessment, and Third Party Risk
Management), and does not have to be related to the Healthcare
- CCSP - A minimum of 5
years of cumulative paid full-time information technology
experience, of which 3 years must be in information security and 1
year in 1 of the 6 domains of the CCSP examination. Earning
Security Alliance's CCSK certificate can be substituted
for 1 year of experience in one of the 6 domains of the CCSP
examination. Earning (ISC)²'s CISSP credential can be
substituted for the entire CCSP experience requirement.
- Associate of
(ISC)² - If you do not meet the professional
experience requirements for the certification you wish to pursue,
you may still become an Associate of (ISC)². To do so, you will
need to register for and pass the certification examination.
2. Schedule the Exam
- Create an account at Pearson Vue and schedule your exam.
- Complete the Examination Agreement, attesting to the truth of your assertions regarding professional experience, and legally committing to the adherence of the (ISC)² Code of Ethics.
- Review the Candidate Background
- Submit the examination fee.
3. Pass the Exam
Pass the examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs .
4. Complete the Endorsement Process
Once you are notified that you have successfully passed the
examination, you will be required to subscribe to the (ISC)² Code of
Ethics and have your application endorsed before
the credential can be awarded. An endorsement form for
this purpose must be completed and signed by an (ISC)² certified
professional who is an active member, and who is able to attest to
your professional experience. With the endorsement time limit, you
are required to become certified within nine months of the date of
your exam or become an Associate of (ISC)². If you do not become
certified or an Associate of (ISC)² within 9 months of the date of
your exam, you will be required to retake the exam in order to
become certified. (ISC)² can act as an endorser for you if you
cannot find a certified individual to act as one. Please refer to
Assistance Guidelines for additional
information about the endorsement requirements.
5. Maintain the Certification
Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through continuing professional education (CPE) credits. More information on qualifying CPEs will be available upon certification. All certifications also require an annual maintenance fee. For more details, please visit our certification pages for CISSP, SSCP, CAP, CSSLP, CCFP, CCSP or HCISPP.
Passing candidates will be randomly selected and audited by (ISC)² prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once.