SSCP CBK Domains

The SSCP examination domains and weights are:



1. Access Controls


2. Security Operations and Administration


3. Risk Identification, Monitoring and Analysis


4. Incident Response and Recovery


5. Cryptography


6. Network and Communications Security


7. Systems and Application Security




  • Access Controls - Underlying principles of access control systems and how to implement, manage and secure those systems, including internetwork trust architectures, federated identity management, identity management lifecycle, and various access control frameworks.
    • Implement Authentication Mechanisms
    • Operate Internetwork Trust Architectures
    • Participate in the Identity-Management Lifecycle
    • Implement Access Controls
  • Security Operations and Administration - Identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.
    • Understand and Comply with Code of Ethics
    • Understand Security Concepts
    • Document and Operate Security Controls
    • Participate in Asset Management
    • Implement and Assess Compliance with Controls
    • Participate in Change Management
    • Participate in Security Awareness and Training
    • Participate in Physical Security Operations
  • Risk Identification, Monitoring, and Analysis - Identification, evaluation and prioritization of potential threats and the systematic application of resources to monitor, manage and mitigate those threats. Includes risk management concepts, assessment activities, and monitoring terminology, techniques and systems.
    • Understand the Risk Management Process
    • Perform Security Assessment Activities
    • Operate and Maintain Monitoring Systems
    • Analyze Monitoring Results
  • Incident Response and Recovery - Properly implement and exercise incident handling processes and procedures that provide rapid and consistent approach to addressing security incidents, supporting forensic investigations, Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
    • Participate in Incident Handling
    • Understand and Support Forensic Investigations
    • Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
  • Cryptography - Understand common cryptographic concepts, methodologies, and technologies, including legal and regulatory requirements, key management concepts, public key infrastructure, and the implementation and use of secure protocols.
    • Understand and Apply Fundamental Concepts of Cryptography
    • Understand Requirements for Cryptography
    • Understand and Support Secure Protocols
    • Operate and Implement Cryptographic Systems
  • Networks and Communications Security - Encompasses network architecture, transmission methods, transport formats, control devices, and security measures used to maintain the confidentiality, integrity, and availability of the information transmitted over communication networks.
    • Understand Security Issues Related to Networks
    • Protect Telecommunications Technologies
    • Control Network Access
    • Manage LAN-based Security
    • Operate and Configure Network-based Security Devices
    • Implement and Operate Wireless Technologies
  • Systems and Application Security - Common attack vectors and associated countermeasures, including impact of virtualization, mobile devices, cloud computing, and Big Data vulnerabilities, configuration and security.
    • Identify and Analyze Malicious Code and Activity
    • Implement and Operate Endpoint Device Security
    • Operate and Configure Cloud Security
    • Secure Big Data Systems
    • Operate and Secure Virtual Environments
Need More Information?





get started on your it security career

SSCP Ultimate Guide Banner


orange line


White Paper

CISSPs and SSCPs Working Together:
Creating a Culture of Security
Download Now  

orange line