Take the Steps to Certification

If you’re pursuing an (ISC)² credential, please refer to the following steps that are necessary to obtain certification:

1) Obtain the Required Experience

The years of experience required for certification depend on the particular credential that you are pursuing. Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. The experience required for each (ISC)² credential is as follows:

  • SSCP – One year of cumulative work experience in one or more of the seven domains of the SSCP® CBK® 
  • CAP – Two years of direct, full-time, information systems security certification and authorization professional work experience in one or more of the five domains of the CAP® CBK 
  • CSSLP – A minimum of four years of professional experience in the software lifecycle (SDLC) field in one or more of the seven domains of the CSSLP® CBK 
  • CISSP – A minimum of five years of direct, full-time security professional work experience in two or more of the ten domains of the CISSP® CBK; *One year of work experience may be waived with a four-year or higher college degree or approved credential.
  • CISSP Concentrations – Two years of professional work experience in the area of architecture, engineering, or management for the CISSP-ISSAP®, CISSP-ISSEP®, or CISSP-ISSMP® respectively
  • CCFP – A four-year college degree leading to a Baccalaureate, or regional equivalent, plus three (3) years of full-time digital forensics or IT security experience in at least three of the six domains of the (ISC)² CCFP CBK®
    -OR-
    Six years of experience in three or more of the (ISC)² CCFP CBK® domains; *One year of work experience may be waived with an approved forensics credential.
  • HCISPP – A minimum of two years of cumulative paid full-time work experience in one domain of the credential, with the exception that one year of the cumulative experience must be in any combination of the first three domains in Healthcare (Healthcare Industry, Regulatory Environment in Healthcare, and Privacy & Security in Healthcare). The remaining one year of experience can optionally be in any of the remaining three HCISPP domains (Information Governance and Risk Management, Information Risk Assessment, and Third Party Risk Management), and does not have to be related to the Healthcare Industry.
  • Associate of (ISC)² – If you do not meet the professional experience requirements for the credential you wish to pursue, you may still become an Associate of (ISC)². To do so, you will need to register for and pass the credential examination.

2) Study for the Exam

(ISC)² has developed several creative methods to help you achieve the knowledge necessary to obtain an (ISC)² certification.

  • (ISC)² Official Self Assessment - (ISC)² has introduced studISCope, an actual simulation of the exam situation you will face for certification. studISCope serves as an indispensable analytical study tool and personalized study planner.
  • CBK Review Seminars - (ISC)² annually offers over 600 in-classroom seminars worldwide to help you review and refresh your knowledge of information security. Official (ISC)² CBK Review Seminars are only conducted by (ISC)² Authorized Instructors, each of whom is up-to-date on the latest information security-related developments and is an expert in credential-specific domains. Or, you can sign up for (ISC)²’s Live-On-Line courses, available over the Internet in real-time – a convenient way to take advantage of our proven review seminars from your laptop or desktop anywhere in the world.
  • (ISC)² Official Textbooks - Written by a team of subject matter experts, (ISC)² official textbooks are the most updated publications reflecting the latest in information security knowledge.
  • Exam Outlines – Exam Outlines have been developed by (ISC)² to provide you with basic information about the domains covered in each specific examination.

3) Register for the Exam

  • Create an account with Pearson VUE and schedule your exam. By doing this, you will be attesting to the truth of your assertions regarding professional experience, and legally committing to adhere to the (ISC)² Code of Ethics.
  • Submit the examination fee.

4) Pass the Examination

Examination Scoring FAQs.  

5) Complete the Endorsement Process

Once you are notified that you have successfully passed the examination, you will be required to have your application endorsed before the credential can be awarded. An endorsement form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member in good standing, and who is able to attest to your professional experience. [(ISC)² can act as an endorser for you if you cannot find a certified individual to act as one. In this case, you will need to use the Applicant Endorsement Assistance Form for the credential you are pursuing.]

Please note endorsement time limit: Those candidates who take and pass an (ISC)² examination on or after January 1, 2012 and possess the sufficient number of years of professional experience to be certified must receive their endorsement within nine (9) months from the date they receive their examination pass notice. If a candidate does not submit the endorsement application within the allotted time, the candidate will forgo the right to endorsement and will have to re-take the exam. More information available here.