Steps for Certification

If you’re pursuing an (ISC)² certification, the following steps will guide you through the process of achieving certification:

1. Obtain the Required Experience

The years of experience required for certification depend on the particular credential that you are pursuing. Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. The experience required for each (ISC)² certification is as follows:

  • CISSP - Candidates must have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the CISSP CBK. Earning a 4-year college degree or regional equivalent or an additional credential from the (ISC)² approved list will waive 1 year of the required experience. Only a 1-year experience exemption is granted for education.
  • SSCP - Candidates must have a minimum of 1 year cumulative paid full-time work experience in 1 or more of the 7 domains of the SSCP CBK. 
  • CCSP - Candidates must have a minimum of 5 years cumulative paid full-time work experience in information technology, of which 3 years must be in information security and 1 year in 1 or more of the 6 domains of the CCSP CBK. Earning CSA’s CCSK certificate can be substituted for 1 year of experience in 1 or more of the 6 domains of the CCSP CBK. Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement.
  • CAP - Candidates must have a minimum of 2 years cumulative paid full-time work experience in 1 or more of the 7 domains of the CAP CBK.
  • CSSLP - Candidates must have a minimum of 4 years cumulative paid full-time Software Development Lifecycle (SDLC) professional experience in 1 or more of the 8 domains of the CSSLP CBK. Earning a 4-year college degree or regional equivalent will waive 1 year of the required experience. Only a 1-year experience exemption is granted for education.
  • HCISPP - Candidates must have a minimum of 2 years cumulative paid full-time work experience in 1 or more knowledge areas of the HCISPP CBK that includes security, compliance, and privacy. Legal experience may be substituted for compliance and information management experience may be substituted for privacy. Of the 2 years of experience, 1 of those years must be in the healthcare industry.
  • CCFP - Candidates must have a 4-year college degree leading to a Baccalaureate, or regional equivalent, plus 3 years of cumulative paid full-time digital forensics or IT security experience in 3 or more of the 6 domains (those who do not have a degree must have 6 years of experience).
  • CISSP-ISSAP - Candidates must be a CISSP in good standing and have 2 years cumulative paid full-time work experience in 1 or more of the 6 domains of the CISSP-ISSAP CBK.
  • CISSP-ISSEP - Candidates must be a CISSP in good standing and have 2 years cumulative paid full-time work experience in 1 or more of the 5 domains of the CISSP-ISSEP CBK.
  • CISSP-ISSMP - Candidates must be a CISSP in good standing and have 2 years cumulative paid full-time work experience in 1 or more of the 6 domains of the CISSP-ISSMP CBK.
  • Associate of (ISC)² - If you do not meet the professional experience requirements for the CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, or CCFP, you may still become an Associate of (ISC)². Please Note: The CISSP Concentrations (CISSP-ISSAP, CISSP-ISSEP, and CISSP-ISSMP) are not available for the Associate of (ISC)² designation.

2. Schedule the Exam 

  • Create an account at Pearson Vue and schedule your exam.
  • Complete the Examination Agreement, attesting to the truth of your assertions regarding professional experience, and legally committing to adhere to the (ISC)² Code of Ethics.
  • Review the Candidate Background Questions.
  • Submit the examination fee.  

3. Pass the Exam

Pass the examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs.

4. Complete the Endorsement Process

Once you are notified that you have successfully passed the examination, you will be required to subscribe to the (ISC)² Code of Ethics and have your application endorsed before the credential can be awarded. An endorsement form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member, and who is able to attest to your professional experience. Under the endorsement time limit, you are required to become certified, or become an Associate of (ISC)², within nine months of the date of your exam. If you do not become certified or an Associate of (ISC)² within 9 months of the date of your exam, you will be required to retake the exam in order to become certified. (ISC)² can act as an endorser for you if you cannot find a certified individual to act as one. Please refer to the Endorsement Assistance Guidelines for additional information about the endorsement requirements.

5. Maintain the Certification

Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through continuing professional education (CPE) credits. More information on qualifying CPEs will be available upon certification. All certifications also require an annual maintenance fee. For more details, please visit our certification pages for CISSP, SSCP, CAP, CSSLP, CCFP, CCSP or HCISPP.

Audit Notice*

Passing candidates will be randomly selected and audited by (ISC)² prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once.