What are the Top 8 CISSP Domains? Explained


Certifications are an excellent way to advance in the IT (Information Technology) profession. The Certified Information Systems Security Professional (CISSP) credential is one of the industry's most well-known and esteemed qualifications. The international non-profit organisation (ISC)² oversees CISSP certification, which attests to a professional's capacity to implement and manage security architectures for their organisation.

As of 1st January 2022, the total number of CISSP members is 152,632. Currently, the pass rate of the CISSP is approximately 20%, and the minimum passing percentage is 70%.

Table of Contents 

1) About CISSP 

2) What are the 8 domains of CISSP? 

3) Prerequisites and Exam Qualifications for CISSP Certifications 

4) CISSP 8 domains explained 

5) Conclusion 

About CISSP 

The Certified Information Systems Security Professional (CISSP) is one of the most recognised and in-demand information security certifications for validating cybersecurity expertise. A CISSP professional has substantial knowledge and experience in developing and managing security architectures for their organisation.

The International Information System Security Certification Consortium (ISC)² is a non-profit organisation formed to create and maintain the CISSP domains, and it administers the exam worldwide.

The eight domains that make up the CISSP Common Body of Knowledge (CBK) cover every significant aspect of information security. To be certified, a candidate must demonstrate proficiency across all of them.


What are the 8 domains of CISSP? 

Below is the list of the 8 domains of CISSP covered by this certification.

1) Security and Risk Management 

2) Asset Security 

3) Security Architecture and Engineering 

4) Communications and Network Security 

5) Identity and Access Management 

6) Security Assessment and Testing 

7) Security Operations 

8) Software Development Security


Prerequisites and Exam Qualifications for CISSP Certifications

To be eligible for this certification, a candidate must have five years of work experience covering at least two of the CISSP domains. The CISSP domains reflect the international standards that cybersecurity experts around the world adhere to.

Prerequisites of CISSP

Let us go through the requirements for you to become a CISSP Certified professional.

To apply for the CISSP exam, the candidate must have five years of work experience in information security, covering at least two of the eight (ISC)² CISSP domains of the CBK.

You may be granted a one-year waiver of the professional experience requirement if you meet at least one of the following criteria:

1) You hold a four-year college degree.

2) You hold an academic degree with honours from the National Center of Academic Excellence in Information Security.  

3) You hold a certification from the (ISC)²-approved list, such as Microsoft Certified Systems Engineer (MCSE), Certified Information Systems Auditor (CISA) or CompTIA Security+.

Even if you meet two or more of the criteria above (for example, a college degree plus MCSE/CISA), you are eligible for only one year of waiver from the five-year professional experience requirement.

Examination Plan of Action 

Currently, the pass rate of the CISSP is approximately 20%, and the minimum passing percentage is 70%. Accordingly, you must achieve a scaled score of at least 700 out of 1000 to pass the CISSP exam. The linear exam consists of 250 questions drawn from the eight domains, with a time limit of 6 hours.

The CISSP Linear Exam format combines multiple-choice questions with advanced, thought-provoking questions. The CISSP Linear Exam is available in Chinese, German, Japanese, Korean and Spanish.

Candidates sitting the CISSP CAT (Computerised Adaptive Testing) Common Body of Knowledge (CBK) exam are assessed on all 8 CISSP domains. The four-hour CISSP CAT exam consists of 125 - 175 multiple-choice and advanced innovative questions. The candidate must score at least 70% to pass, which corresponds to 700 out of 1000 points; this has led to some debate about how challenging the exam is. The CISSP CAT exam is available only in English.

To address the vital issues that cybersecurity professionals face, the CISSP is revised from time to time to incorporate recommended practices for mitigating current weaknesses.


What is (ISC)² CISSP CBK? 

The (ISC)² CBK is a collection of subjects crucial to cybersecurity experts everywhere. It gives cybersecurity and IT/ICT professionals around the world a common language, taxonomy and lexicon in which to communicate, debate and resolve issues in their field. It establishes a standard framework built on a set of principles and information security concepts.

(ISC)² was also formed to collect, standardise and maintain the (ISC)² CBK for security specialists worldwide. The (ISC)² domains, drawn from a range of subjects, are designed to assess a candidate's level of proficiency in the most crucial information security areas.

A CBK, or "Common Body of Knowledge", is a compilation of knowledge created by peers. It includes the skills, methods and practices frequently employed by competent professionals in an industry.


CISSP 8 Domains Explained 

The candidate must prove their expertise in all the CISSP domains. Let us go through the 8 CISSP domains in depth:


1) Security and Risk Management

This domain accounts for around 15% of the CISSP exam. It contains the broadest content, giving you an overview of the information systems management concepts you need to know. It comprises:

1) Understanding professional ethics

2) Security governance principles and concepts

3) Compliance and other requirements

4) Understanding legal and regulatory issues in the context of information security

5) Personnel security policies and procedures

6) Risk-based management concepts

2) Asset Security  

This CISSP domain focuses on data protection, management and safety controls, and contributes roughly 10% of the CISSP exam. It covers the skills needed across many roles concerning data management, information ownership and processing, privacy concerns and limitations. It includes:

1) Data lifecycle management 

2) Data security controls and compliance 

3) Data privacy & safeguarding  

4) Information and Asset Retention  

5) Compliance requirements 

3) Security Architecture and Engineering

Security architecture and engineering accounts for up to 13% of the CISSP exam. Numerous significant security concepts are covered in this domain, which includes:

1) Research, implement and manage engineering processes using secure design principles  

2) Understanding the fundamental concepts of security models  

3) Understanding security capabilities and controls based on security requirements  

4) Assessing and mitigating vulnerabilities in security systems  

5) Methods of Cryptanalytic attacks 

6) Designing and facilitating security controls 

4) Communications and Network Security

This CISSP domain covers the multilayer protocols used to establish and maintain network security, and contributes about 13% of the CISSP exam. It teaches the ability to build trustworthy network security and communication channels.

Candidates sitting the exam will face questions on communication networks, network design characteristics, transmission media and wireless communications. Communications and network security includes:

1) Assessing and implementing secure design principles 

2) Protecting network components 

3) Methods to implement secure communication channels.  

5) Identity and Access Management  

The identity and access management domain contributes about 13% of the CISSP exam. It helps information security professionals better understand how to limit users' access to data and information. It comprises:

1) Methods to control physical and logical access to assets  

2) Identification and authentication of people, devices, and services. 

3) Centralised and third-party identity services

4) Implement authentication systems 

5) Identity and access provisioning lifecycle  

6) Security Assessment and Testing  

This CISSP domain covers the methods and tools used to evaluate the security of processes and to identify flaws and errors in design or code, vulnerabilities, and areas of risk that policies and systems fail to address. It makes up roughly 12% of the CISSP exam. Security assessment and testing includes:

1) Disaster recovery  

2) Awareness training for clients 

3) Vulnerability assessment and penetration testing  

4) Business continuity plans  

7) Security Operations  

Security operations contributes about 13% of the CISSP exam. It includes:

1) Understanding and complying with investigations

2) Configuration management

3) Logging and monitoring activities

4) Securing resources

5) Vulnerability management

6) Applying foundational security operations concepts

7) Applying resource protection techniques

8) Conducting incident management

9) Implementing and testing disaster recovery

10) Managing and implementing personnel safety and security

11) Planning business continuity

8) Software Development Security

This domain covers software development security and contributes about 11% of the CISSP exam. It involves a detailed study of software security, comprising:

1) Security integration in SDLC (Software Development Life Cycle) 

2) Detect and apply security controls 

3) Assessing software's security impact 

4) Apply secure coding guidelines and standards

Conclusion

In this blog post, we have covered almost everything relevant to the CISSP certification and the 8 (ISC)² CISSP domains, which together span the comprehensive aspects of information security. We have also covered the CISSP exam qualifications and the prerequisites candidates must meet to sit for this certification.

