
CISSP exam and domain refresh

The (ISC)2 is changing their CISSP domain weightings and the related exam.

Here’s a quick breakdown of the changes coming on May 1st, 2021.


First, let’s address the domains, because after all, that’s what the exam is based on.

Only ONE percent of the existing weightings is changing.

Yes, one, measly percent change to the exam weightings.

However, as a sign of the times, this indicates a bigger focus on Software Development Security, and less on Communication and Network Security.

Here’s the breakdown from the FAQ on the (ISC)2 website:

[Image: ISC2 CISSP domain weight changes 2021]

Exam format

The English version of the exam was changed to an adaptive format back in 2018. This means the allocated time for taking the exam was dropped from 6 hours down to 3 hours.

This remains the case with the 2021 refresh.

There’s an “interesting” change regarding the exam questions as well that quite frankly I’m not too sure about.

Note the difference between these two lines regarding the test question format:

2018: “Multiple choice and advanced innovative questions”

2021: “Multiple choice and advanced innovative items”

Passing grade remains a 700 out of 1000.

This does not mean 70%.

Some questions are worth more than others. Easy questions could be worth 2 points and more difficult questions could be worth 5 points.

(ISC)2 continues to emphasize experience, not memorization.

This means that you can’t expect to memorize key items and pass the exam. This is the basis of the refresh itself. They have a “Job Task Analysis” that surveys members in good standing (e.g. those who have passed the test) about the critical areas of interest for those working in the security field.

Domain topics

The topics within the domains themselves have changed somewhat.

I guess the best way to describe them at a high level is that relevant new technologies are covered.

For example, you can now expect questions on 5G where this wasn’t an issue for the previous version of the course. It makes sense, given the goal of the (ISC)2 is to ensure the CISSP exam itself is relevant to today’s technology.

Unsurprisingly, the Software Development Security domain appears to have the most change.

Additions include:

  • Programming languages
  • Libraries
  • Tool sets
  • Integrated Development Environment (IDE)
  • Runtime
  • Continuous Integration and Continuous Delivery (CI/CD)
  • Security Orchestration, Automation, and Response (SOAR)
  • Software Configuration Management (SCM)
  • Code repositories
  • Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))

In all, fairly standard changes to the CISSP exam to ensure the certification exam is reflective of the changing times.

If you’re studying today for your CISSP exam, don’t sweat these changes. Grab the 2021 exam outline and the 2018 exam outline to see the minor changes yourself.

My only suggestion is that when you see a new entry (like those in the Software Development Security domain), research the technology and add it to your knowledge base.

Intrinsec’s CISSP offering

As an authorized ISC2 Training provider, we offer the CISSP training you need.

Much more than just a 5-day in-and-out session, you receive everything you need to pass the CISSP exam.

  • Authorized (ISC)2 instructor
  • Authorized courseware
  • Pre-test exam questions
  • Access to recorded classes
  • Post-class instructor support

2021 CISSP exam price change

One last thing you should know. The price of sitting the CISSP exam is changing on May 1st, 2021. It will now be $749, up from $699.

But there’s good news.

You don’t have to take the exam before May 1st, 2021. You just have to pay for and book the exam before May 1st, 2021.

When going through the registration process, I tried to enter a test date 13 months from the date of writing this.

I received a message stating “(ISC)2 policy requires that the appointment must be within 365 days of the date the registration was first created”.

To me, that means you can pay and book your exam for a year from now.

This reminds me of an expression I once heard: Nothing causes action like a firm deadline. By booking your exam now for a future date, you save $50 and you’re locking in your commitment to being CISSP certified.

Talk about a win-win.

Good luck on the new exam!


Graham Thompson is an Information Security professional with over 25 years of enterprise experience across engineering, architecture, assessment and training disciplines. He is the founder and CEO of Intrinsec Security, a leading training company that is solely focused on delivering leading authorized IT security training from partners such as the Cloud Security Alliance, ISC2, ISACA, EC-Council and CompTIA.
