Effective April 15, 2015, the CISSP Common Body of Knowledge (CBK) is changing, which affects the CISSP exam and CPEs.
According to the CISSP FAQ from ISC2:
- The 10 security domains are being reduced to 8 (see lists below for comparison).
- The change is because the material is being updated and reorganized.
- No content was removed from the CBK.
- The number of questions on the exam (250) will NOT change.
- Starting 4/15/15, CPEs will have to be submitted under the new domains (other than that, I don’t see any other CPE changes).
- Exams will be available in languages other than English after 4/15/15 (see table in FAQ), so plan accordingly.
- Similar changes will be made to the SSCP.
- Everyone’s taxes will go up on 4/15/15 (sorry, that’s a USA joke).
For more info, see the FAQ link above and this ISC2 blog post, which gives ways to contact ISC2 with questions.
Overall, I don’t see this affecting any current CISSPs very much.
In my experience, people failed the ‘old’ exam mostly due to not understanding cryptography and physical security. It will interesting to see how that is affected.
10 CISSP Domains until 4/15/15
- Access control
- Telecommunications and network security
- Information security governance and risk management
- Software development security
- Security architecture and design
- Operations security
- Business continuity and disaster recovery planning
- Legal, regulations, investigations and compliance
- Physical (environmental) security
8 CISSP Domains effective 4/15/15
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communications and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)