Here we attempt to answer the common questions we are asked about earning the Certified Information System Security Professional certification. One of the most important things you’ll want to know are the CISSP exam requirements, so let’s get into it!

Disclaimer: This transcript was automatically generated using speech to text software. It’s imperfect, and we recommend listening to the actual video over reading this for the most accurate presentation.

Sid:

Hey everybody. It’s Sid and Chris again from Everblue. We’re here to answer some more questions about how to prepare for the CISSP exam.

So another one of our frequently asked questions about preparing for this exam is, “What are the requirements to earn my CISSP?” So, Chris can you walk us through that?

Chris: 

Yeah. So there’s a couple major CISSP exam requirements.

1. The first is going to be here after you apply for and sit and pass an exam
2. The second is going to be you have to have a certain amount of experience.

At the highest level, you’re going to sign up for the CISSP exam. You’ll need to set up an appointment at a testing center through Pearson. There’s Pearson testing centers all over the world. You’ll find one near you and set up an appointment. It could be at 10am on a Tuesday or 3pm on a Friday afternoon or whatever the time slot is that you get for your appointment.

When you walk into the testing center, the person on your left and right might be taking a totally different exam. The person on your left might be taking a nursing exam and the person on your right might be taking the LEED Exam for sustainable buildings.

The exam itself is 100 to 150 questions and lasts three hours. It’s a computer-adaptive test, meaning a couple of important things:

1. You can’t go backwards. Whether you get a question right or wrong is going to determine the next question that gets served up.
2. You have to do a minimum of 100 questions. It could take up to 150 questions. The exam is looking to see if you have a baseline level proficiency, which you may be able to demonstrate in as few as 100 questions, or it may take up to 150 questions.

Conversely, they may decide that by 100 questions you do not have sufficient knowledge and even if you answer all 150 questions you will not be able to show sufficient knowledge. In that case it will fail you when it believes that to be the case and can do so as soon as 100 questions.

The second thing is you have to have five years of experience relevant to the domains. You have to demonstrate it across it at least two of the eight domains across the CISSP credential.

The way it works is you can take the exam first and then one of three things happens:

1. You might have the five years of experience already.
2. You might not be sure.
3. You might say, “I definitely don’t have it.”

The exam is decoupled from the experience requirement in that you can go and sit for the exam and if you’ve got the experience already – that’s scenario #1 – and you are 100% sure you meet the requirement because you say, “I’ve been in this field for 20 years…” A few days later, you’ll get an email, and you’ll have to demonstrate that you comply by submitting your background information to ISC².

If you’re in a second situation where you’re just not sure, you can submit that anyway, and what happens is that if you fall into the third scenario where you don’t have the five years of experience, then you have up to six years afterwards to earn that five years of experience.

You can technically come straight out of college and sit for the exam. Now that’ll be harder because you don’t have any experience that underpins a lot of the exam and you don’t have any of that knowledge.

A couple of notes about the exam:

1. One year of the five can be met if you have a four-year degree. So if you have a four year degree then you only have to have four years of experience so there’s a tradeoff there.
2. The last piece is that you have to get a reference from an existing CISSP. It can be intimidating to some folks because they might not know one. If you don’t know one they have a program where ISC² can basically do it for you, so I wouldn’t let that stop you.

If you know someone, you just enter in their information and they’ll have to vouch for you saying that you’re an honorable person and that they are willing to be a reference for you and if not then ISC² will do that step for you.

Program where I see square to basically do before so I wouldn’t like that if you know somebody just a matter of you wearing their stuff about treatments and that you’re an honorable person.

I would not let that final step scare you. At the end of the day it’s more administrative than anything, especially compared to passing the exam.

Sid: 

Right, now so if somebody takes the exam and passes but doesn’t have the experience, they obviously can’t say that they have the CISSP certification. Is there something that they can say show that they’ve passed that exam?

Chris: 

Great question. So, what you actually get is an associate credential called Associate of ISC². So it’s a slightly different title to the credential, but it’s a way for you that it will show the world that you passed the exam and have a certain baseline level of knowledge.

You probably have a little bit more explaining because not everyone out there – Just like for watching this video somebody might not have known that – you would have to explain that you’re just waiting to meet the experience requirements.

A lot of people probably just that you’re capable of passing the exam. Once you’ve got five years of experience accumulated, you can submit the application to ISC² and then you’ll earn the full credential.

Sid: 

Thanks Chris

Chris: 
Thank you.

If you have other questions about the CISSP exam requirements, give us a call at (800) 460-2575.

Update – On June 1, 2022, (ISC)² added 25 pretest (unscored) questions to the CISSP exam, increasing the total number of questions from 100-150 to 125-175. As a result, the maximum allotted time to complete the exam has increased from three hours to four hours. There are no changes to the content of the CISSP exam; the domains and domain weights contained within have not changed.