CISSP certification cost and requirements (2024): Your complete preparation guide
The Certified Information Systems Security Professional (CISSP) certification is recognized worldwide as a badge of excellence for cybersecurity professionals. It indicates to employers that you have a broad understanding of cybersecurity plus experience in the cybersecurity field, which is why it’s the most requested certification in U.S. job listings.
In this article, we discuss CISSP certification costs and the prerequisites for getting certified. Using this information, you can strategize how and when to earn your certification.
Earn your CISSP, guaranteed!
Understanding CISSP certification
The CISSP certification is designed and issued by the International Information System Security Certification Consortium (ISC2), and it serves as proof of a candidate’s knowledge and skills in a range of information security disciplines. It consists of eight domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
These eight domains require candidates to have a broad range of cybersecurity knowledge in order to pass the exam and obtain certification.
Prerequisites for CISSP certification
To earn your CISSP certification, you have to have at least five years of cumulative, full-time work experience in at least two of the eight domains mentioned above. You can satisfy as much as one year of required experience by earning a bachelor’s or master’s degree in computer science, information technology or a connected field. Another way to earn up to one year of qualifying experience is to get another credential from the ISC2’s approved list. You can find the list of credentials on ISC2’s site, but some include:
- CompTIA Security+
- CompTIA Advanced Security Practitioner (CASP+)
- AWS Certified Security - Specialty
- Certified Information Systems Auditor (CISA)
Common questions around CISSP requirements include:
- Can a beginner get CISSP certification? This certification isn’t designed for those who have no experience in cybersecurity. Rather, it’s geared towards those who want to leverage their experience to pursue higher-paying positions, so it’s a common cybersecurity manager certification. You need to meet the experiential requirements outlined above to get your official CISSP certification.
- Can you take the CISSP without any experience? Yes. You can still take the CISSP exam even if you don’t have experience, but you will not earn your full certification. Instead, the ISC2 will grant you the title of Associate of ISC2. Then, you have up to six years to earn the five years of necessary experience.
Breakdown of CISSP certification costs
The CISSP exam costs $749 at the time of this writing (but see the ISC2 website for the most up-to-date pricing). If you have to reschedule your exam, there’s a $50 fee, and if you cancel your exam, there is a $100 fee.
In addition to the actual cost of paying for the exam, it’s a good idea to factor in expenses associated with:
- Study materials: For instance, the Official CISSP Study Guide from Sybex costs around $60 on Amazon.
- Training course fees: The amount you end up paying will vary depending on the type of training you choose. A live CISSP Certification Boot Camp costs more than on-demand CISSP training courses; however, a boot camp usually includes all the other costs mentioned here.
- Membership fees: Once you hold your CISSP certification, you must pay an annual maintenance fee of $135, which also serves as your ISC2 membership fee.
Also, if you become an associate of ISC2 by passing the exam before having the necessary experience, you must pay an annual maintenance fee of $50.
Preparing for the CISSP exam
To put yourself in the best position to pass the exam, you can take advantage of the following study materials and resources:
- Official ISC2 publications, such as the organization’s CISSP study guide and practice tests, give an overview of the eight domains, each domain’s content and the kinds of questions you can expect to encounter.
- Third-party prep courses: Courses from reputable providers, such as Infosec’s CISSP training, can give you a strategic edge because they provide deep, focused learning experiences custom-designed to help you ace the exam.
- Online communities: You can access discussion boards, such as Reddit’s CISSP board or TechExam's CISSP board, to learn from others' experiences and get tips from those who’ve passed the test.
- Practice exams: In addition to the free practice questions offered by ISC2, you can also purchase full practice exams online or use the practice exams provided in third-party prep courses.
Earn your CISSP, guaranteed!
Even though your prep routine will vary according to your learning style, here are some best practices that others have found helpful:
- Develop a systematic study plan: Set aside time each day, and make sure you cover each domain thoroughly. If you come across a challenging topic, it’s good to swing back and revisit it later.
- Use a range of resources: For example, a combination of practice tests, study guides and guided instruction is often more beneficial than training with only one method.
- Set up a practice schedule: You should take practice exams periodically because they reinforce your knowledge and help you get used to tackling many questions in a single sitting.
- Strengthen your weaknesses: If you feel less confident in certain domains, spend time strengthening those areas. Similarly, if you feel confident but end up scoring low on a certain domain on a practice test, use this as feedback and circle back to those topics.
Value of CISSP certification in 2024 and beyond
Many professionals use the CISSP certification to differentiate themselves from other candidates in the field. As a result, it’s common for those with this certification to enjoy:
- Better job prospects: Some employees require CISSP certification before applying for leadership roles or senior positions. In fact, the CISSP is the most requested certification in U.S. job listings.
- Higher salaries: Those with their CISSP certification may earn more than those without because some companies feel more comfortable increasing compensation for certified professionals. Read our CISSP salary guide for more information.
- Enhanced professional development: Because earning your CISSP certification demonstrates a commitment to cybersecurity excellence, having this in your professional development portfolio can make it easier to advance your career.
The CISSP has remained a top-requested certification for many years, and its value doesn’t appear to be slowing down. By hiring CISSP-certified staff, organizations can ensure those new hires have the validated knowledge and on-the-job experience needed to help keep data and systems secure.
CISSP vs other cybersecurity certifications
There are many cybersecurity certifications you can earn. Comparing the costs, prerequisites and career relevance can make it easier to see if getting your CISSP is the best move. Here are some of the more popular CISSP alternatives:
Certified Information Security Manager (CISM)
The CISM certification is a common alternative (or addition to) the CISSP. While the CISSP is broader and more technical, the CISM focuses more on cybersecurity management. Read our CISSP vs. CISM article for more information.
- Cost: $575 for ISACA members and $760 for non-members
- Required experience: Similar to CISA, CISM certification also requires five years of work experience, but it only needs to be in information security management.
- Career relevance: The CISM may be a good fit for those aiming for cybersecurity leadership positions.
Certified Ethical Hacker (CEH)
The CEH is a more entry-level certification focused on offensive security. CompTIA also offers a mid-level offensive-focused certification in the PenTest+ and a mid-level defensive-focused certification in the CySA+. If you’re looking for a more targeted technical certification, these are popular options.
- CEH cost: The price varies based on the prep course provider, which often includes the cost of an exam voucher in its fees.
- CEH required experience: You should have at least two years of experience in cybersecurity or have already finished a training course from an authorized EC-Council provider.
- Career relevance: This certification is designed for those who want to focus on ethical (white hat) hacking and other kinds of offensive security, such as participating in red team/blue team exercises.
Certified Information Systems Auditor (CISA)
If you’re not looking for a career in management or technical cybersecurity, consider a career focused on risk management or auditing. The CISA is the most popular certification for those considering a career in security auditing.
- Cost: $575 for ISACA members and $760 for non-members.
- Required experience: You need to have five years of IT security or auditing experience.
- Career relevance: Earning your CISA is a good choice for those looking to get into IT and security auditing and compliance assurance positions.
Why CISSP certification is right for you
Considering the professional payoff that comes from earning your CISSP certification, many find the costs relatively reasonable. Your ROI comes in several forms, such as pay increases, better positions and more interview opportunities. Also, if you have a cybersecurity job you love, your CISSP certification can instill even more confidence in your employer simply because it demonstrates your commitment to professional development.
When deciding whether to get your CISSP certification, consider the long-term value it brings to advancing your cybersecurity career.
Earn your CISSP, guaranteed!
FAQs
What are the ongoing maintenance requirements and costs for keeping the CISSP certification active?
To maintain your CISSP certification, you need to either earn 40 continuing professional education (CPE) credits each year for three years or acquire a total of 120 by the end of three years.
How does CISSP certification compare to other cybersecurity certifications in terms of ROI?
The CISSP compares well with other cybersecurity certifications in terms of ROI because it is widely recognized worldwide as a high-quality certification, and hiring managers frequently use it to quickly validate knowledge and experience.
What are the minimum requirements for CISSP, and how can professionals meet them?
You must have at least five years of cumulative, full-time work experience in at least two of the eight domains on the exam. You can satisfy one year of required experience by earning a bachelor’s or master’s degree in computer science, information technology or a connected field. You can also earn up to one year of qualifying experience by getting another credential from the ISC2’s approved list.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- CISSP certification cost and requirements (2024): Your complete preparation guide
- CISSP certification - The ultimate guide [updated 2021]
- CISSP domains overview (2024): Your complete preparation guide
- CISSP certification salary: A comprehensive 2024 salary guide
- Definition & types of access control models & methods (updated 2023)
- CISSP domain 4: Communications and network security — What you need to know for the exam [2022 update]
- CISSP domain 5: Identity and access management — What you need to know for the exam [Updated 2022]
- CISSP domain 7: Security operations — What you need to know for the exam [Updated 2022]
- CISSP domain 6: Security assessment and testing — What you need to know for the exam [Updated 2022]
- CISSP domain 8 overview: Software development security — What you need to know for the exam [Updated 2022]
- CISSP and DoD 8570/8140: What you need to know [Updated 2022]
- Top 10 CISSP interview questions [Updated 2022]
- CISSP domain 1: Security and risk management — What you need to know for the exam
- The ISC2 code of ethics: A binding requirement for certification
- The CISSP experience waiver [updated 2022]
- Earning CPE credits to maintain the CISSP
- Renewal requirements for the CISSP [updated 2022]
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- CISSP job outlook [updated 2022]
- CISSP resources: Books, practice exams and other study tools [updated 2022]
- CISSP exam questions: 5 drag & drop and hotspot questions
- Risk management concepts and the CISSP (Part 2) [Updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- Average ISSEP Salary in 2021
- Average ISSMP Salary [updated 2021]
- CISSP domain 3: Security engineering CISSP - What you need to know for the exam [2022 update]
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring [updated 2021]
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- Information and asset classification in the CISSP exam
- CISSP domain 2: Asset security - What you need to know for the Exam [updated 2021]
- 8 tips for CISSP exam success [updated 2021]
- Risk management concepts and the CISSP (part 1) [updated 2021]
- Average ISSAP Salary in 2021
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- Due care vs. due diligence and the CISSP
- CISSP prep: Security policies, standards, procedures and guidelines
- Vulnerability and patch management in the CISSP exam
- Data security controls and the CISSP exam
- Logging and monitoring: What you need to know for the CISSP
- Data and system ownership in the CISSP exam
- CISSP Prep: Mitigating access control attacks
- CISSP Domain 5 Refresh: Identity and Access Management
- Identity Governance and Administration (IGA) in IT Infrastructure of Today
- CISSP CAT Exam Deep Dive: Study Tips from InfoSec Institute Alum Joe Wauson
- CISSP: Incident management
- CISSP: Business continuity planning and exercises
- CISSP: Perimeter defenses
- CISSP: Secure communication channels
- Environmental controls and the CISSP
- CISSP: Disaster recovery processes and plans
