Security20 min read

ASIS CPP Study Guide 2026: Cost, Domains & Pass Tips

ASIS CPP certification study guide for 2026. Covers exam cost, all 7 security domains with current weights, eligibility, references, and how to pass.

Ran Chen, EA, CFP®March 5, 2026

Key Facts

  • The ASIS CPP exam has 225 questions (200 scored plus 25 unscored pretest) and a 4-hour time limit (ASIS International).
  • CPP candidates need at least 5 years of security experience, with 3 years in responsible charge of a security function (ASIS).
  • Without a degree, CPP eligibility requires 9 years of security experience; a bachelor's reduces it to 6 years (ASIS).
  • The CPP exam covers 7 domains: Security Principles, Business Principles, Investigations, Personnel Security, Physical Security, Information Security, and Crisis Management.
  • Security Principles and Practices is the largest CPP domain at 22%, followed by Physical Security at 16% (ASIS Body of Knowledge).
  • The 2026 CPP application fee is $580 for ASIS members and $910 for non-members, including a $160 non-refundable processing fee.
  • ASIS scores the CPP on a scaled basis, so no fixed percentage of correct answers guarantees a pass (ASIS Certification Handbook).
  • The CPP reference set is Protection of Assets plus seven ASIS standards and guidelines (CSO, ORM.1, SRA, WVPI.1, PAP, IAP, PBS).
  • CPP recertification requires 60 Continuing Professional Education (CPE) credits every 3 years (ASIS).
  • ASIS International represents more than 34,000 security professionals across 140-plus countries.

📺 Watch the Video

Complete ASIS CPP Certification Study Guide for 2026

The Certified Protection Professional (CPP) is the gold standard certification for security management professionals. Whether you're aiming to advance your career, increase your earning potential, or validate your expertise, this comprehensive guide will help you pass the CPP exam on your first attempt.

free CPP practice questionsPractice questions with detailed explanations

What is the CPP Certification?

The CPP is ASIS International's premier security management certification. It demonstrates mastery of security management principles and practices across multiple disciplines.

Why Earn Your CPP?

BenefitImpact
Higher SalaryCPP holders earn $130,000-$150,000 median
Career AdvancementRequired for senior security positions
Industry RecognitionGlobally respected credential
Professional CredibilityValidates expertise to employers
Network AccessConnect with 34,000+ ASIS members
Job SecurityPreferred for leadership roles

The CPP sits alongside three other ASIS credentials: APP (Associate Protection Professional, an entry-level management cert), PSP (Physical Security Professional), and PCI (Professional Certified Investigator). The CPP is the senior, broadest of the four. Holding an APP shortens your CPP experience requirement by one year.


CPP Exam Overview

FeatureDetails
Total Questions225 (200 scored + 25 unscored pretest)
Duration4 hours
Passing ScoreScaled score set by ASIS (no fixed percentage)
2026 Cost$580 (members) / $910 (non-members), incl. $160 processing fee
FormatMultiple-choice, computer-based at a Pearson VUE test center or remotely proctored
Domains7 (see weights below)
AccreditationANAB/ANSI ISO 17024 accredited; SAFETY Act designated

Note on the passing score: ASIS does not publish a fixed pass percentage. The CPP is scored on a scaled basis and each exam form is statistically equated, so your scaled score must clear the cut score ASIS sets. Treat "answer roughly two-thirds correctly" as a rough study target, not an official threshold.


CPP Eligibility Requirements

ASIS frames CPP eligibility around at least five years of security experience, with three years in responsible charge of a security function. Your education level determines the exact number of years, and an APP credential trims one year off any path.

Education and Experience Pathways

EducationSecurity ExperienceExperience with APP credentialResponsible Charge
Master's Degree5 years4 years3 years
Bachelor's Degree6 years5 years3 years
No Degree9 years8 years3 years

Key Definitions:

  • Security Experience: Full-time employment in a security-related role.
  • Responsible Charge: A position where you make decisions to complete security objectives without relying on a superior for specific methods. You do not need a formal supervisory title, as long as you held genuine security-program management responsibility.

Candidates must also have no disqualifying criminal convictions and must agree to the ASIS Certification Code of Conduct.

Acceptable Security Experience

  • Corporate security management
  • Law enforcement (with security duties)
  • Military (security, MP, intelligence)
  • Loss prevention
  • Risk management
  • Information security
  • Investigations
  • Physical security design/consulting

CPP Exam Domains (7 Areas)

The domain weights below come straight from the current ASIS CPP Body of Knowledge. Security Principles and Physical Security carry the most questions, but Information Security (14%) and Crisis Management (13%) are heavier than many candidates expect, so do not treat them as afterthoughts.

DomainWeight
1. Security Principles and Practices22%
2. Business Principles and Practices15%
3. Investigations9%
4. Personnel Security11%
5. Physical Security16%
6. Information Security14%
7. Crisis Management13%

Domain 1: Security Principles and Practices (22%)

Key Topics:

  • Security theory and concepts (including AI and IoT)
  • Enterprise Security Risk Management (ESRM)
  • Protection of assets (people, property, information)
  • Threat, vulnerability, and impact assessment
  • Security program development and continuous improvement
  • Security awareness programs
  • ASIS/ISO industry standards
  • Professional ethics and legal issues in security

Core Concepts:

Risk Management Process:

  1. Identify assets
  2. Identify threats and vulnerabilities
  3. Assess risk (likelihood × impact)
  4. Develop countermeasures
  5. Implement controls
  6. Monitor and evaluate

Security Principles:

  • Deterrence: Discourage threats
  • Detection: Identify incidents
  • Delay: Slow adversaries
  • Response: React to incidents

Threat Categories:

CategoryExamples
NaturalEarthquake, flood, hurricane
AccidentalFire, equipment failure, human error
IntentionalTheft, sabotage, terrorism, espionage

Domain 2: Business Principles and Practices (15%)

Key Topics:

  • Organizational structure and culture
  • Financial management and budgeting
  • Project management
  • Personnel management
  • Strategic planning
  • Metrics and performance measurement

Essential Business Skills:

Security Budget Components:

  • Personnel costs (salaries, benefits, training)
  • Equipment and technology
  • Maintenance and service contracts
  • Professional development
  • Emergency/contingency fund

ROI for Security:

Formula: ROI = (Losses Avoided - Security Costs) / Security Costs × 100%

Key Performance Indicators (KPIs):

  • Incident reduction rates
  • Response times
  • Budget variance
  • Employee satisfaction
  • Compliance audit results

Domain 3: Investigations (9%)

Key Topics:

  • Investigative methods and techniques
  • Evidence collection and preservation
  • Interviewing and interrogation
  • Fraud examination
  • Case management
  • Legal considerations

Investigation Types:

TypeFocusKey Skills
CriminalLaw violationsEvidence preservation, police liaison
CivilLawsuit preparationDocumentation, expert testimony
AdministrativePolicy violationsInternal procedures, due process
FraudFinancial crimesForensic accounting, interviewing

Evidence Handling:

  • Chain of custody - Document every transfer
  • Authentication - Verify origin and integrity
  • Preservation - Protect from alteration or damage
  • Documentation - Detailed logs and photographs

Domain 4: Personnel Security (11%)

Key Topics:

  • Pre-employment screening
  • Background investigations
  • Security awareness training
  • Workplace violence prevention
  • Insider threat programs
  • Termination procedures
  • Executive protection programs
  • Travel security and threat assessment

Background Investigation Components:

ElementWhat It Checks
Criminal HistoryFelonies, misdemeanors, warrants
Employment VerificationJob history, reasons for leaving
Education VerificationDegrees, certifications
Credit CheckFinancial responsibility
Reference ChecksCharacter, work performance
Drug ScreeningSubstance abuse

Security Awareness Training Topics:

  • Physical security procedures
  • Information protection
  • Recognizing suspicious activity
  • Emergency response
  • Social engineering awareness
  • Reporting requirements

Domain 5: Physical Security (16%)

Key Topics:

  • Security surveys and assessments
  • Access control systems
  • Intrusion detection
  • Video surveillance (CCTV)
  • Security lighting
  • Barriers and locks
  • Guard force management

Physical Security Layers:

Layer 1: Deterrence

  • Signage
  • Lighting
  • Visible security measures

Layer 2: Perimeter

  • Fences and walls
  • Vehicle barriers
  • Gates and entrances

Layer 3: Building Exterior

  • Doors and windows
  • Locks and hardware
  • Exterior sensors

Layer 4: Interior

  • Access control systems
  • Intrusion alarms
  • Video surveillance
  • Safes and vaults

Layer 5: Asset Protection

  • Secure storage
  • Tamper-evident seals
  • Inventory controls

Access Control Methods:

FactorExamples
Something you knowPassword, PIN
Something you haveKey card, token
Something you areFingerprint, retina scan
Somewhere you areLocation-based access

Domain 6: Information Security (14%)

Key Topics:

  • Information classification
  • Data protection strategies
  • Network security
  • Cybersecurity threats
  • Incident response
  • Business continuity planning

Information Classification Levels:

LevelDescriptionHandling
PublicNo restrictionsStandard handling
InternalOrganization useInternal distribution
ConfidentialLimited accessNeed-to-know basis
RestrictedCritical informationMaximum protection

Common Cyber Threats:

  • Phishing - Social engineering via email
  • Malware - Viruses, ransomware, trojans
  • DDoS - Distributed denial of service
  • Insider Threat - Malicious or negligent employees
  • APT - Advanced persistent threats

Domain 7: Crisis Management (13%)

Key Topics:

  • Emergency planning
  • Business continuity
  • Disaster recovery
  • Crisis communication
  • Media relations
  • Post-incident analysis

Crisis Management Phases:

  1. Mitigation - Reduce risk before event
  2. Preparedness - Plan and train
  3. Response - Execute emergency plans
  4. Recovery - Return to normal operations

Business Continuity Planning:

BIA (Business Impact Analysis):

  • Identify critical functions
  • Determine recovery priorities
  • Establish RTO (Recovery Time Objective)
  • Establish RPO (Recovery Point Objective)

Plan Components:

  • Emergency response procedures
  • Communication protocols
  • Resource requirements
  • Alternate site arrangements
  • Testing and maintenance schedule

3-Month CPP Study Schedule

Month 1: Core Knowledge (Domains 1, 2, 5)

WeekFocusHours
1Security Principles (Domain 1)12-15
2Business Principles (Domain 2)10-12
3Physical Security (Domain 5)12-15
4Review and Practice8-10

Month 2: Specialized Areas (Domains 3, 4, 6, 7)

Information Security (14%) and Crisis Management (13%) carry real weight, so give them as much time as the management domains, not less.

WeekFocusHours
5Investigations (Domain 3)8-10
6Personnel Security (Domain 4)8-10
7Information Security (Domain 6)10-12
8Crisis Management (Domain 7)10-12

Month 3: Review and Practice

WeekFocusHours
9Weak area review10-12
10Practice exam 18-10
11Practice exam 28-10
12Final review6-8

Total Study Time: 100-150 hours


CPP Test-Taking Strategies

Time Management

  • 200 questions in 240 minutes
  • Target: ~1.2 minutes per question
  • Strategy: Answer easier questions first

Question Types

Scenario-Based:

  • Read the scenario carefully
  • Identify the core issue
  • Apply security principles
  • Choose best answer

Knowledge-Based:

  • Recall specific concepts
  • Know definitions and terms
  • Understand relationships

Application:

  • Apply theory to practice
  • Consider context
  • Evaluate options

Answering Strategy

  1. Read the entire question
  2. Eliminate obviously wrong answers
  3. Choose the BEST answer (may not be perfect)
  4. Mark uncertain questions for review
  5. Answer every question (no penalty for guessing)

CPP Study Resources

Official ASIS Reference Set

ASIS item writers build CPP questions from a defined reference set. The exam is experience-based - ASIS explicitly tells candidates not to memorize these books, but to use them to fill knowledge gaps and apply your own judgment.

ResourceWhat It Is
Protection of Assets (POA)The core multi-volume ASIS reference covering technical and managerial security
ASIS StandardsCSO, ORM.1, SRA, and WVPI.1
ASIS GuidelinesPAP, IAP, and PBS
CPP Study ManualWalks through all 7 domains, key terms, and study strategy
CPP Flash CardsPrint or digital, for terms and concept recall
CPP Practice Test / Practice ExamRetired real items so you see the actual question style

Cost of Materials

ResourceApproximate Cost
CPP Study Manual~$130-150
Protection of Assets set~$200-400 (free eBooks for some member tiers)
Standards & Guidelines bundle~$100-200 (eBooks free for members)
ASIS Membership$215-295/year

Recommended Additional Study

  1. ASIS Webinars - Domain-specific training
  2. Local ASIS Chapters - Study groups
  3. Online Courses - Structured learning
  4. Security Management Magazine - Stay current

CPP Certification Costs Summary (2026)

The CPP application fee bundles the exam and a non-refundable $160 processing fee. ASIS sets the member rate well below the non-member rate, so most candidates join ASIS first.

ItemMemberNon-Member
Application Fee (exam + $160 processing)$580$910
ASIS Membership$215-295/yearN/A
Study Manual~$130-150~$130-150
Reference books (POA + standards)~$200-500~$200-500
Total Estimated~$1,125-1,525~$1,240-1,560

Discounted application fees apply in ASIS-designated Emerging Market countries. Always confirm current pricing in the ASIS Certification Handbook before you apply.


CPP vs. PSP: Which Certification?

CPP is the broad security-management credential; PSP zooms in on physical security assessment, design, and implementation. The CPP covers all seven domains, while the PSP focuses on just three physical-security domains.

FactorCPPPSP
FocusSecurity management (7 domains)Physical security technical (3 domains)
Scored Questions200 (+25 pretest)125 (+15 pretest)
Time4 hours3 hours
Experience5+ years, 3 in responsible charge4+ years in physical security
Best ForSecurity managers/directorsPhysical security specialists
free PSP question bankPractice questions with detailed explanations

Career Impact of CPP Certification

Salary Increases

PositionWithout CPPWith CPP
Security Manager$85,000$105,000
Security Director$110,000$135,000
VP Security$150,000$180,000

Career Advancement

  • Faster promotion to senior roles
  • Broader opportunities across industries
  • Consulting eligibility - Many clients require CPP
  • Board positions - Preference for certified professionals

Free CPP Practice Resources

Start Practicing Today

  • 200+ CPP-style practice questions covering all 7 domains
  • Scenario-based questions with detailed explanations
  • Domain-specific quizzes to identify weak areas
  • Study guidance based on exam blueprint
Start Free CPP Practice →Practice questions with detailed explanations

Additional Resources

  1. ASIS Website - Exam blueprint and policies
  2. Security Management Magazine - Industry trends
  3. ASIS Annual Seminar - Intensive review courses
  4. Peer Study Groups - Local ASIS chapters

CPP Recertification

Requirements (Every 3 Years)

Continuing Professional Education (CPE)

  • Earn 60 CPE credits within each 3-year cycle
  • Credits must come from security-, business-, or safety-related learning, teaching, or service that is not part of your regular job duties or company-specific training
  • Log credits as you earn them and apply through the ASIS online portal in your third year
  • A 3-month grace period follows your certification end date
  • Categories include education, professional activities, and publications

Earning CPE Credits

ActivityCredits per Hour
ASIS Seminar1.0
ASIS Webinar1.0
Other Security Training0.5-1.0
Teaching Security2.0
Publishing Article5-10
ASIS Chapter Leadership5-10/year

Final Tips for CPP Success

  1. Start with the Study Manual - Foundation for all domains
  2. Focus on weak areas - Don't just study what you know
  3. Join ASIS - Access resources and networking
  4. Form a study group - Accountability and discussion
  5. Take practice exams - Simulate test conditions
  6. Understand concepts - Not just memorize facts
  7. Stay current - Security field evolves constantly

Good luck with your CPP certification journey!

Test Your Knowledge
Question 1 of 5

How many total questions are on the CPP exam?

A
150 (all scored)
B
200 scored only
C
225 (200 scored + 25 unscored pretest)
D
250 (225 scored + 25 pretest)
Learn More with AI

10 free AI interactions per day

ASIS CPPCertified Protection ProfessionalSecurity ManagementPhysical SecurityStudy Guide2026

Related Articles

Stay Updated

Get free exam tips and study guides delivered to your inbox.

Free exam tips & study guides. Unsubscribe anytime.