CSSLP Domain Refresh FAQ

Q: Why are changes being made to the CSSLP exam? 

A: (ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing software security professionals.

Q: How is the CSSLP exam changing?

A: The content of the CSSLP has been refreshed to reflect the most pertinent issues that secure software lifecycle professionals currently face, along with the best practices for mitigating those issues. Some topics have been updated while others have been realigned. The result is an exam that most accurately reflects the technical and practical security knowledge that is required for the daily job functions of the software professional.  

As a result of the content refresh, we have updated some of the domain names to describe the topics accurately. Three domains of the CSSLP are changing.

Previous CSSLP Domain Name

New CSSLP Domain Name

Domain 4.  Secure Software Implementation/Coding

Domain 4. Secure Software Implementation/Programming

Domain 6.  Software Acceptance

Domain 6. Secure Lifecycle Management

Domain 7. Software Deployment, Operations, Maintenance and Disposal

Domain 7. Software Deployment, Operations, Maintenance


The weights for the domains are also changing.

Major Domains

Weightings (Percentage)

Domain 1. Secure Software Concepts

13%

Domain 2. Secure Software Requirements

14%

Domain 3. Secure Software Design

16%

Domain 4. Secure Software Implementation/Programming

16%

Domain 5. Secure Software Testing

14%

Domain 6. Secure Lifecycle Management

10%

Domain 7. Software Deployment, Operations, Maintenance

9%

Domain 8. Supply Chain and Software Acquisition

8%

Total

100%

Q: Why do domains for (ISC)² credential exams change?

A: Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process. 

Q: When will these changes go into effect?

A: The changes will begin on Saturday, July 1, 2017.  

Q: In what language will the refreshed CSSLP exam be available?

A: The refreshed CSSLP exam will be available in English only.  

Q: Will this change the number of questions or the time required to take the CSSLP exam?

A: No. The CSSLP exam will have the same number of questions, and the time required to take the exam will be the same. 

Q: If I have been studying for the CSSLP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study? 

A: (ISC)² exams are experience-based that include experience-based questions that cannot be learned by studying alone. If you have the experience in the domains covered in CSSLP and feel like you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. (ISC)² cannot guarantee you will pass the exam. 

Q: Do these updates affect the experience requirement for the CSSLP?

A: No. For the CSSLP, a candidate is required to have a minimum of four years of cumulative paid full-time Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the (ISC)² CSSLP CBK, or three years of cumulative paid full-time SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology (IT) or related fields. 

Q: What impact do these changes have on (ISC)² training materials?  

A: All Official (ISC)2 CSSLP Training Courses commencing by June 19, 2017 will be available for enrollment. New training courses will be made available in the third quarter of 2017 pending new CSSLP curriculum revisions. The Second Edition CSSLP CBK Textbook will not be updated at this time but is still a comprehensive resource that is relevant in preparing for the CSSLP.