
What’s New in the CISSP Certification Exam in 2024?

In an era where data breaches, cyberattacks, and digital threats are becoming increasingly sophisticated and prevalent, the need for highly skilled and certified information security professionals has never been more critical. The Certified Information Systems Security Professional (CISSP) certification is a globally recognized and highly esteemed credential that plays a pivotal role in cybersecurity.


Introduction to CISSP

CISSP is a prestigious certification provided by the (ISC)2 or International Information System Security Certification Consortium. The CISSP certification ensures the extensive technical and managerial expertise of an information security professional, enabling them to proficiently oversee, design, and maintain an organization’s comprehensive security framework.

The CISSP exam undergoes an update every three years to align with the ever-evolving trends and advancements in the cybersecurity field. ISC2 is scheduled to introduce the next update to the CISSP certification exam on April 15, 2024.

Old vs. New CISSP Domains


Changes in CISSP Domains

As shown above, the updated CISSP certification exam changes the domain weightage in two places: the weight of Domain 1, Security and Risk Management, has been raised slightly from 15% to 16%, while the weight of Domain 8, Software Development Security, has been reduced from 11% to 10%. The weights of the other six domains are unchanged.

Overview of New CISSP Exam Domains

Domain 1: Security and Risk Management (16%)

Domain 1 in the CISSP exam carries a substantial 16% weightage, making it a crucial area of focus. It covers topics such as professional ethics, security concepts, governance principles, legal and regulatory issues, and risk management. This domain emphasizes the importance of technical knowledge and ethical and governance considerations, reflecting the comprehensive nature of the CISSP certification exam.

Domain 2: Asset Security (10%)

Domain 2 of the CISSP exam holds a weightage of 10% and is centered around information and asset management. It encompasses the identification and classification of data and assets, the establishment of secure handling requirements, and the provision of resources securely. Additionally, candidates must manage the entire data lifecycle, from collection to destruction, ensuring appropriate asset retention. Understanding data security controls, compliance requirements, and data protection methods like Digital Rights Management (DRM) and Data Loss Prevention (DLP) is crucial within this domain.

Domain 3: Security Architecture and Engineering (13%)

Domain 3, Security Architecture and Engineering, holds a 13% weightage on the CISSP exam and is dedicated to fortifying security practices within systems and infrastructures. It includes implementing secure design principles, understanding security models, selecting controls, and assessing vulnerabilities in various systems, from client-based to cloud-based. The domain also covers cryptographic solutions, cryptanalysis methods, and site/facility security design principles, encompassing everything from server rooms to environmental considerations.

Domain 4: Communication and Network Security (13%)

Domain 4, Communication and Network Security, holds a 13% weightage in the CISSP exam and is pivotal for establishing secure network designs and communication channels. It encompasses secure design principles, hardware operations, and transmission media. This domain also secures voice, data, and multimedia communication channels, including virtualized networks and third-party connections.

Domain 5: Identity and Access Management (IAM) (13%)

Domain 5, Identity and Access Management (IAM), holds a 13% weightage on the CISSP exam, focusing on controlling access and managing identities. It addresses regulating physical and logical access to assets, identity management, authentication methods, and authorization mechanisms. IAM also covers the identity and access provisioning lifecycle, extending to federated identity management with third-party services in various environments. It emphasizes implementing authentication systems such as OpenID Connect, SAML, Kerberos, and RADIUS/TACACS+.

Domain 6: Security Assessment and Testing (12%)

Domain 6, Security Assessment and Testing, with a 12% weightage on the CISSP exam, is crucial for evaluating and testing security. It involves designing assessment and audit strategies for internal, external, and third-party evaluations. The domain includes security control testing, data collection, test output analysis, and report generation for remediation. Security audits, whether internal, external, or conducted by third parties, are a significant part of this domain.

Domain 7: Security Operations (13%)

Domain 7, Security Operations, accounting for 13% of the CISSP exam, encompasses many critical security operations. This includes understanding investigations, conducting logging and monitoring, configuration management, resource protection, incident management, and operating preventive measures like firewalls and anti-malware. The domain also addresses patch and vulnerability management, change processes, recovery strategies, and disaster recovery planning. Furthermore, it covers business continuity, physical security controls, and personnel safety considerations.

Domain 8: Software Development Security (10%)

Domain 8, Software Development Security, contributes 10% to the CISSP exam, emphasizing the incorporation of security measures into the Software Development Life Cycle. It encompasses development methodologies, security controls in software ecosystems, assessing software security, and evaluating the security impact of acquired software. Additionally, it emphasizes secure coding guidelines, including identifying vulnerabilities and secure coding practices.

CISSP Exam Information

Old vs. new CISSP exam at a glance:

                      Old                                    New
Certification         Certified Information Systems Security Professional (CISSP) (unchanged)
Launch Date           Effective May 1, 2021                  Effective April 15, 2024
Exam Duration         4 Hours                                3 Hours
Number of Questions   125 – 175                              100 – 150
Exam Format           Multiple-choice and advanced innovative questions (unchanged)
Passing Score         700 out of 1000 points (unchanged)
Exam Language         English (unchanged)
Exam Center           (ISC)² Authorized PPC and PVTC Select Pearson VUE Testing Centers (unchanged)

Changes in CISSP Exam Format

Starting from April 15, 2024, candidates sitting for the CISSP exam will have a maximum of three (3) hours to complete it. In this version of the exam, candidates can expect to encounter a minimum of 100 and a maximum of 150 questions.

CISSP with InfosecTrain

InfosecTrain provides a comprehensive instructor-led training program encompassing all the CISSP profession’s essential domains. To pursue this training course and achieve certification, you can explore and register for the Certified Information Systems Security Professional (CISSP) training, which will prepare you to pass the certification exam successfully.

Upcoming CISSP training batches:

Start Date   End Date     Start - End Time     Batch Type   Training Mode   Batch Status
02-Mar-2024 07-Apr-2024 09:00 - 13:00 IST Weekend Online [ Open ]
11-Mar-2024 22-Mar-2024 07:00 - 12:00 IST Weekday Online [ Close ]
16-Mar-2024 21-Apr-2024 19:00 - 23:00 IST Weekend Online [ Open ]
06-Apr-2024 12-May-2024 09:00 - 13:00 IST Weekend Online [ Open ]
13-Apr-2024 19-May-2024 19:00 - 23:00 IST Weekend Online [ Open ]
04-May-2024 16-Jun-2024 19:00 - 23:00 IST Weekend Online [ Open ]
11-May-2024 16-Jun-2024 09:00 - 13:00 IST Weekend Online [ Open ]
01-Jun-2024 07-Jul-2024 19:00 - 23:00 IST Weekend Online [ Open ]

About the author: My name is Pooja Rawat. I have done my in Instrumentation engineering. My hobbies are reading novels and gardening. I like to learn new things and challenges. Currently, I am working as a Cyber Security Research Analyst at InfosecTrain.