CISSP exam and domain refresh


The (ISC)2 is changing their CISSP domain weightings and the related exam.
Here’s a quick breakdown of the changes coming on May 1st, 2021.
Domains
First, let’s address the domains, because after all, that’s what the exam is based on.
Only ONE percent of the existing weightings is changing.
Yes, one, measly percent change to the exam weightings.
However, as a sign of the times, this indicates a bigger focus on Software Development Security, and less on Communication and Network Security.
Here’s the breakdown from the FAQ on the (ISC)2 website:
Exam format
The English version of the exam was changed to an adaptive format back in 2018. This means the allocated time for taking the exam was dropped from 6 hours down to 3 hours.
This remains the case with the 2021 refresh.
There’s an “interesting” change regarding the exam questions as well that quite frankly I’m not too sure about.
Note the difference between these two lines regarding the test question format:
2018: “Multiple choice and advanced innovative questions”
2021: “Multiple choice and advanced innovative items”
Passing grade remains a 700 out of 1000.
This does not mean 70%.
Some questions are worth more than others. Easy questions could be worth 2 points and more difficult questions could be worth 5 points.
(ISC)2 continues to emphasize experience, not memorization.
This means that you can’t expect to memorize key items and pass the exam. This is the basis of the refresh itself. They have a “Job Task Analysis” that surveys members in good standing (e.g. those who have passed the test) about the critical areas of interest for those working in the security field.
Domain topics
The topics within the domains themselves have changed somewhat.
I guess the best way to describe them at a high level is that relevant new technologies are covered.
For example, you can now expect questions on 5G where this wasn’t an issue for the previous version of the course. It makes sense, given the goal of the (ISC)2 is to ensure the CISSP exam itself is relevant to today’s technology.
Unsurprisingly, the Software Development Security domain appears to have the most change.
Additions include:
- Programming languages
- Libraries
- Tool sets
- Integrated Development Environment (IDE)
- Runtime
- Continuous Integration and Continuous Delivery (CI/CD)
- Security Orchestration, Automation, and Response (SOAR)
- Software Configuration Management (SCM)
- Code repositories
- Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))
In all, fairly standard changes to the CISSP exam to ensure the certification exam is reflective of the changing times.
If you’re studying today for your CISSP exam, don’t sweat these changes. Grab the 2021 exam outline and the 2018 exam outline to see the minor changes yourself.
My only suggestion is that when you see a new entry (like the Software Development Security domain), research the technology and add it to your knowledge base.
Intrinsec’s CISSP offering
As an authorized (ISC)2 training provider, we offer the CISSP training you need.
Much more than just a 5-day in-and-out session, you receive everything you need to pass the CISSP exam.
- Authorized (ISC)2 instructor
- Authorized courseware
- Pre-test exam questions
- Access to recorded classes
- Post-class instructor support
2021 CISSP exam price change
One last thing you should know. The price of sitting the CISSP exam is changing on May 1st, 2021. It will now be $749, up from $699.
But there’s good news.
You don’t have to take the exam before May 1st, 2021. You just have to pay for and book the exam before May 1st, 2021.
When going through the registration process, I tried to enter a test date 13 months from the date of writing this.
I received a message stating “(ISC)2 policy requires that the appointment must be within 365 days of the date the registration was first created”.
To me, that means you can pay and book your exam for a year from now.
This reminds me of an expression I once heard: Nothing causes action like a firm deadline. By booking your exam now for a future date, you save $50 and you’re locking in your commitment to being CISSP certified.
Talk about a win-win.
Good luck on the new exam!