The CISSP Exam Changes 2024: Key Details You Need to Know

The CISSP exam went through some significant updates this April 15, 2024, and if you're pursuing this prestigious cybersecurity certification, you'll want to know what's changed. Here at Destination Certification, we've been closely following the developments. I'm excited to share the key details with you and discuss why understanding these changes is essential for your certification journey.

Let’s get started!

What’s With the Exam Update?

Every few years, the CISSP exam goes through a major update to ensure it stays aligned with the ever-evolving cybersecurity landscape. On April 15, 2024, the latest revisions went into effect after an extensive Job Task Analysis (JTA) by ISC2.

This JTA process is carried out by cybersecurity professionals and CISSP holders every three years. They thoroughly review the exam content to incorporate new threats, technologies, and best practices. It's not an arbitrary change, but rather a steadfast commitment from ISC2 to keeping the CISSP certification relevant, accurate, and valuable for today's infosec leaders and professionals.

2024 CISSP Exam Changes

While the core eight domains remain intact, the 2024 update brings some adjustments to their weightings. Here are them:?

• The biggest shuffle is Domain 1 (Security and Risk Management) gaining more prominence, rising from 15% to 16% of the total exam weight. This small but meaningful increase underscores the growing importance of risk management in cybersecurity.
• To balance this out, Domain 8 (Software Development Security) has been trimmed down from 11% to 10%.?
• The other six domains retain their previous weightings, keeping the overall balance of the exam's core competencies.

But the changes go beyond just content distribution. In a major structural shift, the CISSP is now solely offered as a Computerized Adaptive Test (CAT) across all language options. This CAT format has a 3-hour time limit consisting of 100-150 questions, a tighter timeframe compared to the previous linear 6-hour, 250-question exam.

Whether you're testing in English, Chinese, German, Japanese, Korean, or Spanish, these new CAT guidelines apply universally when you take your CISSP exam on or after April 15, 2024. Scoring that coveted CISSP requires adapting to this refreshed format and updated domain focus.

Domain Changes

The CISSP exam has undergone significant revisions to ensure it continues to reflect the evolving demands and challenges of the cybersecurity landscape. These changes, implemented across various domains, incorporate the latest security practices and technologies. Below are the key updates you should be aware of:

Domain 1 - Security and Risk Management:

• New content on external dependencies for business continuity planning
• Emphasis on ongoing "scope" for risk assessments and "continuous" monitoring
• Topics like cryptocurrency, AI, blockchain added to security awareness training

Domain 3 - Security Architecture and Engineering:

• Focus on minimizing codebase, using microservices for leaner architecture
• Addition of Secure Access Service Edge (SASE) for cloud security
• New section on managing full system lifecycle for security

Domain 4 - Communication and Network Security:

• Deeper look at network architecture data/control/mgmt planes
• More on network segmentation types - VLAN, VPN, air-gapped
• New topics like micro-segmentation, edge networks, virtual private clouds
• Added network monitoring/management - observability, traffic shaping

Domain 5 - Identity and Access Management (IAM):

• New section on authentication, directory, and access control services
• Renamed section highlighting focus on groups and roles
• Added service accounts management

Domain 6 - Security Assessment and Testing:

• Considerations for testing on-prem, cloud, and hybrid environments
• Using benchmarks for security controls testing

Domain 7 - Security Operations:

• Addition of Security Orchestration, Automation and Response (SOAR)
• Emphasis on data protection at rest and in transit
• Focus on communications for disaster recovery testing

Domain 8 - Software Development Security:

• Agile frameworks like Scaled Agile added to methodologies
• New testing methods - software composition analysis, IAST
• Cloud services (SaaS, IaaS, PaaS) security assessments

Preparing for the CISSP Exam

With these comprehensive updates to the CISSP exam, preparation strategies must evolve to match the new content and testing formats. Understanding these changes is crucial to tailor your study approach effectively. Here at Destination Certification, our CISSP MasterClass has been meticulously updated to reflect these changes. Our courses are designed to equip you with the knowledge and skills necessary to excel under the revised exam structure, ensuring you are not just prepared but primed for success.

Remember, the right preparation can make a significant difference in your certification journey—trust Destination Certification to guide you through these updates with expert training and support.