Effective April 15, 2015, the CISSP Common Body of Knowledge (CBK) is changing, which affects the CISSP exam and CPEs.

According to the CISSP FAQ from ISC2:

  • The 10 security domains are being reduced to 8 (see lists below for comparison).
  • The change is because the material is being updated and reorganized.
  • No content was removed from the CBK.
  • The number of questions on the exam (250) will NOT change.
  • Starting 4/15/15, CPEs will have to be submitted under the new domains (other than that, I don’t see any other CPE changes).
  • Exams will be available in languages other than English after 4/15/15 (see table in FAQ), so plan accordingly.
  • Similar changes will be made to the SSCP.
  • Everyone’s taxes will go up on 4/15/15 (sorry, that’s a USA joke).

For more info, see the FAQ link above and this ISC2 blog post, which gives ways to contact ISC2 with questions.

Overall, I don’t see this affecting any current CISSPs very much.

In my experience, people failed the ‘old’ exam mostly due to not understanding cryptography and physical security. It will be interesting to see how that is affected.

10 CISSP Domains until 4/15/15

  1. Access control
  2. Telecommunications and network security
  3. Information security governance and risk management
  4. Software development security
  5. Cryptography
  6. Security architecture and design
  7. Operations security
  8. Business continuity and disaster recovery planning
  9. Legal, regulations, investigations and compliance
  10. Physical (environmental) security

8 CISSP Domains effective 4/15/15

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security)


Filed under Certification, Security

6 responses to “CISSP CBK Changes”

  1. Pingback: CISSP CBK Changes |

  2. Maybe it’s just me, but I feel like the old domains (at least the titles) were more intuitive. Maybe it’s just because I’m used to them.


  3. eu tax

    At least USA jokes are about the tax increase, in Europe we joke about tax decrease :(


  4. Can you recommend any study materials for the new exam?
    Are the old materials still relevant (the AiO by Shon Harris)?
    Thanks for your thoughts.


    • Errol,
      In my opinion, the Shon Harris materials should still be fine. The principles of security haven’t changed. Just make sure you get the ISC2 book too. Just don’t overstudy on the technical side (easier said than done).

