What is the current CISSP exam format?

ISC2 lists CISSP as a computerized adaptive test with 100-150 multiple-choice and advanced innovative items, a 3-hour time limit, and a passing grade of 700 out of 1000 points. The CAT page states that 25 pretest or unscored items are included as part of the minimum-length exam.

What are the current CISSP domain weights?

The April 15, 2024 ISC2 outline lists Security and Risk Management 16%, Asset Security 10%, Security Architecture and Engineering 13%, Communication and Network Security 13%, Identity and Access Management 13%, Security Assessment and Testing 12%, Security Operations 13%, and Software Development Security 10%.

What experience do I need for CISSP certification?

ISC2 requires five years of cumulative full-time experience in at least two current CISSP domains. An approved degree or credential can satisfy up to one year, and candidates without the full experience can pass the exam and become an Associate of ISC2 while earning the required experience.

Does ISC2 publish a CISSP pass rate?

No official CISSP pass-rate percentage was available in the opened ISC2 sources. Use readiness evidence instead: mixed-domain scenario practice, risk-based explanation quality, CAT pacing, and ability to choose controls based on business context.

Can I review CISSP CAT questions after answering?

No. ISC2 states that item review is not permitted on CAT exams because each finalized answer affects the adaptive item selection algorithm.

How much does the CISSP exam cost?

ISC2 exam pricing lists U.S. $749 standard registration for CISSP in the Americas, Asia Pacific, Middle East, Africa, and all other regions not separately listed. Pricing, currency, and tax depend on exam administration location and Pearson VUE checkout.

How do I maintain CISSP certification?

ISC2 member policies list 120 CPE credits over a three-year CISSP cycle, including 90 Group A and 30 Group A or B credits. CISSP-level certified members also pay the annual ISC2 AMF.

What's included for free?

All study guides, practice questions, and explanations are completely free. We also include 10 AI-powered questions daily. For unlimited AI assistance, you can upgrade to Pro.

Why is the content free?

OpenExamPrep was founded by Ran Chen, a CFP® who passed multiple financial exams and believes quality exam prep shouldn't cost hundreds of dollars. With AI, we can create quality content at scale and make it accessible to everyone.

Is the content up to date?

Yes! Our content is aligned with the latest exam outlines and updated regularly. Last update: January 2026.

CISSP Study Guide

Exam

1.1 Credential Scope, CISSP Mindset, and Search Language 1.2 Exam Outline Effective Date and Eight-Domain Map 1.3 CAT Format, 100-150 Items, and Forward-Only Rules 1.4 Passing Grade, Results, Feedback, and Retake Policy 1.5 Experience, Endorsement, and Associate of ISC2 Path 1.6 Pricing, AMF, CPE, and Maintenance Overview

2.1 Professional Ethics, CIA, and Security Governance 2.2 Policies, Standards, Procedures, Guidelines, and Control Ownership 2.3 Legal, Regulatory, Privacy, and Investigation Context 2.4 Risk Identification, Analysis, Treatment, and Reporting 2.5 Business Continuity, BIA, and Recovery Prioritization 2.6 Personnel Security, Training, Awareness, and Culture 2.7 Threat Modeling, Supply Chain Risk, and Third-Party Governance 2.8 Security and Risk Management Case Lab

3.1 Asset and Data Classification, Ownership, and Roles 3.2 Handling Requirements, Labeling, Privacy, and Cross-Border Data 3.3 Data States and Protection Methods: DLP, DRM, and CASB 3.4 Data Lifecycle, Retention, Remanence, and Destruction 3.5 Secure Provisioning, Inventory, and Asset Management 3.6 Asset Security Case Lab

4.1 Secure Design Principles and Security Models 4.2 Control Selection, System Security, and Architecture Risk 4.3 Cryptography Foundations: Symmetric, Asymmetric, Hashing, and PKI 4.4 Cryptographic Lifecycle, Key Management, and Attack Patterns 4.5 Cloud, Container, IoT, Edge, and Shared Responsibility Architecture 4.6 Physical Site, Facility, and Environmental Security 4.7 Information System Lifecycle Engineering and Retirement 4.8 Architecture and Engineering Case Lab

5.1 Network Architecture, OSI/TCP/IP, and Secure Design 5.2 Secure Protocols, Encryption in Transit, and Channel Protection 5.3 Segmentation, Microsegmentation, SDN, VPC, and Zero Trust 5.4 Wireless, Cellular, Remote Access, and Third-Party Connectivity 5.5 Network Components: NAC, IDS/IPS, Firewalls, and Endpoints 5.6 Monitoring, Observability, Capacity, and Resilient Communications 5.7 Communication and Network Security Case Lab

6.1 Identity Proofing, Authentication, Authorization, and Accountability 6.2 Access Control Models: RBAC, MAC, DAC, ABAC, and Risk-Based Access 6.3 Federation, SSO, MFA, Passwordless, and Session Management 6.4 Provisioning, Deprovisioning, JML, and Access Reviews 6.5 Service Accounts, Non-Human Identities, and Privilege Management 6.6 Physical, Logical, Cloud, and Hybrid Access Boundaries 6.7 IAM Case Lab

7.1 Assessment, Test, and Audit Strategy Selection 7.2 Control Testing, Vulnerability Assessment, and Penetration Testing 7.3 Log Review, Code Review, Misuse Cases, and Compliance Checks 7.4 Security Process Data, KPIs, KRIs, and Reporting 7.5 Remediation, Exceptions, Risk Acceptance, and Evidence Quality 7.6 Security Assessment and Testing Case Lab

8.1 Investigations, Evidence, Forensics, and Legal Readiness 8.2 Logging, Monitoring, SOC, and Alert Triage 8.3 Configuration, Change, Patch, and Vulnerability Operations 8.4 Incident Management, Containment, Eradication, and Recovery 8.5 Disaster Recovery, Backup, Availability, and Resilience 8.6 Physical Security Operations and Safety 8.7 Security Operations Case Lab

9.1 Secure SDLC Governance and Requirements 9.2 Architecture, Threat Modeling, and Design Review 9.3 Secure Coding, Code Review, and Application Testing 9.4 CI/CD, Source Control, and Environment Separation 9.5 Software Supply Chain, Third-Party Components, and Deployment 9.6 DevSecOps Vulnerability Management and Release Risk 9.7 Software Development Security Case Lab

10.1 Enterprise Risk Committee Decision Lab 10.2 Cloud Migration Security Architecture Lab 10.3 Ransomware Incident and Business Continuity Lab 10.4 Identity Modernization and Zero Trust Lab 10.5 Third-Party Breach and Contract Governance Lab 10.6 Secure SDLC Transformation Lab 10.7 Full CISSP Manager Simulation

11.1 Final 45-Day CISSP Study Plan 11.2 CAT Timing and Forward-Only Decision Workflow 11.3 Mixed-Domain Remediation and Manager Mindset Review 11.4 Test-Day Checklist and Pearson VUE Readiness 11.5 Endorsement, Associate Path, and Work Experience Documentation 11.6 CPE, AMF, and Three-Year Maintenance Plan 11.7 CISSP Final Mixed Review

Free AI Tutor Included•10 questions/day

Free CISSP Exam Prep

ISC2 Certified Information Systems Security Professional (CISSP)

Pass your CISSP exam without spending hundreds on expensive prep courses. Free study guides, practice questions, and AI-powered learning.

Quick Facts

Chapters

Sections

Our Cost

Updated January 2026

CISSP

Practice Study Guide Flashcards

1 blog 1 video

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle

$74.97 · Buy on Amazon

Take courses on Udemy

Learning path on Pluralsight

Same family resources

More ISC2 Certifications Prep

Continue through related practice pages, study guides, comparisons, and articles from the same exam family.

Practice Pages

ISC2 Certified in Cybersecurity (CC) Practice200 questions ISC2 Certified in Governance, Risk and Compliance (CGRC) Practice200 questions ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice200 questions ISC2 SSCP Practice200 questions CCSP Practice198 questions ISC2 Information Systems Security Architecture Professional (ISSAP) Practice100 questions

Study Guides

ISC2 Certified in Cybersecurity (CC) Study Guide

CISSP Study Plan: 3-Month Schedule + Hours (2026)16 min read ISC2 CC Certified in Cybersecurity Guide (FREE 2026)24 min read ISC2 SSCP 2026: CAT Strategy for Security Administrators7 min read

Your Study Path

CISSP Professional License: Complete Roadmap

Follow this path to maximize your chances of passing on the first try

Phase 1: Official Outline + Governance FoundationYou are here

Confirm CAT rules, experience path, ethics, governance, policy hierarchy, risk, business continuity, and asset security.

hours

Phase 2: Architecture, Networks + IAM

Study secure design, security models, cryptography, network architecture, secure channels, identity lifecycle, and access control models.

hours

Phase 3: Testing, Operations + SDLC

Practice control assessment, audit, incident response, resilience, configuration management, secure SDLC, and DevSecOps governance.

hours

Phase 4: CAT Readiness + Endorsement Plan

Complete mixed-domain scenarios, CAT timing practice, weak-domain remediation, endorsement planning, and CPE/AMF maintenance review.

hours

Estimated total study time

150 hours

That's about 15 weeks at 10 hours/week

Can You Take the CISSP Exam?

Check if you meet the basic eligibility requirements

Age

Education

No mandatory degree requirement; an approved degree or credential can satisfy up to 1 year of the experience requirement.

Experience

5 years cumulative full-time paid work experience in at least 2 of the 8 current CISSP domains, with Associate of ISC2 path available after passing.

Additional Requirements

•Endorsement/application process required after passing before full CISSP certification is granted
•Candidates without required experience can become Associate of ISC2 and have up to 6 years to earn required CISSP experience
•CISSP CAT exams are delivered through ISC2-authorized Pearson VUE testing centers
•Certified members must earn 120 CPE credits over a 3-year cycle and pay annual AMF to remain in good standing

CISSP Quick Facts

Time to Get Licensed

10-20 weeks for most experienced security candidates

From start to license in hand

Exam Provider

Pearson VUE / ISC2-authorized testing centers

In-Person Only

Schedule Your Exam

Retake Policy

ISC2 CAT retake rules list 30 test-free days after the first attempt, 60 days after the second attempt, and 90 days after the third and subsequent attempts, with maximum attempt limits in a 12-month period.

Total Cost Breakdown

Exam FeeU.S. $749 standard registration in the Americas and several other regions

Total Estimated Cost$749 initial exam registration plus AMF after certification approval; optional training and retakes vary

Why Choose Us

Free CISSP Prep That Actually Works

The official pass rate is ISC2 does not publish official CISSP pass-rate statistics in the opened official sources.. Our students do better.

200 Practice Questions

CISSP-style mixed-domain practice aligned to the current eight-domain ISC2 outline.

Risk-Based Judgment

Practice manager-level security decisions across governance, architecture, operations, IAM, and SDLC scenarios.

2026 Updated

Aligned with the active April 15, 2024 ISC2 CISSP exam outline and current CAT policies.

Free Access

Start CISSP prep free before paying ISC2 exam registration or training costs.

Compare:

Kaplan $300+•Achievable $200+•OpenExamPrep $0

What You'll Study

11 chapters covering everything you need to pass

Chapter 1: CISSP Orientation, CAT, and Official Source Control

6 sections

Chapter 2: Security and Risk Management

8 sections

Chapter 3: Asset Security and Data Lifecycle

6 sections

Chapter 4: Security Architecture, Engineering, and Cryptography

8 sections

Chapter 5: Communication, Network Security, and Zero Trust

7 sections

Chapter 6: Identity and Access Management

7 sections

Chapter 7: Security Assessment, Testing, and Audit Strategy

6 sections

Chapter 8: Security Operations, Incident Response, and Resilience

7 sections

Chapter 9: Software Development Security and DevSecOps

7 sections

Chapter 10: Integrated CISSP Governance Scenario Labs

7 sections

Chapter 11: Final Review, Endorsement, CPE, and Test-Day Strategy

7 sections

Learn More with AI

10 free AI interactions per day

CISSP Exam Details

ISC2 Certified Information Systems Security Professional (CISSP)

Administered by ISC2

Official Source

700 out of 1000 points

Passing Score

100-150

Questions

Hours

U.S. $749 standard registration in the Americas and several other regions; pricing and taxes vary by exam location

Exam Fee

Study time: No official study-hour requirement; eligibility and endorsement are experience-based.

Prerequisites: 5 years cumulative full-time experience in at least 2 current CISSP domains; up to 1 year can be waived; Associate of ISC2 path is available after passing

Valid for: 3-year certification cycle with 120 CPE credits and annual AMF

Exam Content Breakdown

Based on the official ISC2 content outline

Security and Risk Management16%

Professional ethics, governance, compliance, investigations, policy hierarchy, business continuity, personnel security, risk management, threat modeling, supply chain risk, and awareness.

Asset Security10%

Information and asset classification, ownership, handling, data lifecycle, retention, remanence, destruction, data states, privacy, and data protection controls.

Security Architecture and Engineering13%

Secure design principles, security models, control selection, system security capabilities, architecture vulnerabilities, cryptography, PKI, physical security, and lifecycle engineering.

Communication and Network Security13%

Secure network architecture, network components, secure channels, OSI/TCP/IP, segmentation, wireless, SDN, VPC, monitoring, remote access, and third-party connectivity.

Identity and Access Management (IAM)13%

Physical and logical access, identification, authentication, federation, authorization, provisioning lifecycle, MFA, SSO, access control models, service accounts, and privilege management.

Security Assessment and Testing12%

Assessment strategy, control testing, vulnerability assessment, penetration testing, log review, code review, misuse case testing, compliance checks, remediation, and audit reporting.

Security Operations13%

Investigations, logging and monitoring, configuration management, operations controls, incident response, forensics, disaster recovery, business continuity, backups, and change management.

Software Development Security10%

Secure SDLC, development environments, source control, CI/CD, code review, threat modeling, DevSecOps, software supply chain, vulnerability management, and secure deployment.

What's Included

11 Chapters

Complete exam coverage

Practice Quizzes

With detailed explanations

Free to Start

No credit card required

CFP®

Why It's Free

Quality Exam Prep Shouldn't Cost Hundreds

I'm Ran Chen, an engineer with 20+ years of coding experience. I passed my Life Insurance license, EA exam, SIE, Series 6, 63, 65, and finally the CFP® exam.

Through all these exams, one thing became clear: exam prep is expensive. But with AI, we can change that. Quality preparation can now be free for everyone.

Connect with Ran

What's Next After the CISSP?

After passing the CISSP, you can pursue these career paths

CCSP

Specialize in cloud security architecture, governance, risk, and operations after broad CISSP coverage.

Coming Soon

CGRC

Move deeper into governance, risk, compliance, authorization, and control assurance.

Coming Soon

ISSAP

Progress into the CISSP concentration for advanced security architecture practice.

Coming Soon

CISSP Exam FAQ

Official ISC2 Resources

Verify information with these official sources

ISC2 CISSP Certification Page CISSP Certification Exam Outline CISSP Exam Outline PDF ISC2 Computerized Adaptive Testing ISC2 Exam Pricing ISC2 Member Policies

More Free Resources

Spotify YouTube Blog & Newsletter

No Credit Card Required

Ready to Start Your Free CISSP Prep?

Join thousands of candidates who passed their exams using our free study materials.

Start Chapter 1 Free

CISSP Study Guide

1Chapter 1: CISSP Orientation, CAT, and Official Source Control

2Chapter 2: Security and Risk Management

3Chapter 3: Asset Security and Data Lifecycle

4Chapter 4: Security Architecture, Engineering, and Cryptography

5Chapter 5: Communication, Network Security, and Zero Trust

6Chapter 6: Identity and Access Management

7Chapter 7: Security Assessment, Testing, and Audit Strategy

8Chapter 8: Security Operations, Incident Response, and Resilience

9Chapter 9: Software Development Security and DevSecOps

10Chapter 10: Integrated CISSP Governance Scenario Labs

11Chapter 11: Final Review, Endorsement, CPE, and Test-Day Strategy

Free CISSP Exam Prep

Quick Facts

CISSP

More ISC2 Certifications Prep

CISSP Professional License: Complete Roadmap

Phase 1: Official Outline + Governance FoundationYou are here

Phase 2: Architecture, Networks + IAM

Phase 3: Testing, Operations + SDLC

Phase 4: CAT Readiness + Endorsement Plan

Can You Take the CISSP Exam?

CISSP Quick Facts

Time to Get Licensed

Exam Provider

Retake Policy

Total Cost Breakdown

Free CISSP Prep That Actually Works

200 Practice Questions

Risk-Based Judgment

2026 Updated

Free Access

What You'll Study

Chapter 1: CISSP Orientation, CAT, and Official Source Control

Chapter 2: Security and Risk Management

Chapter 3: Asset Security and Data Lifecycle

Chapter 4: Security Architecture, Engineering, and Cryptography

Chapter 5: Communication, Network Security, and Zero Trust

Chapter 6: Identity and Access Management

Chapter 7: Security Assessment, Testing, and Audit Strategy

Chapter 8: Security Operations, Incident Response, and Resilience

Chapter 9: Software Development Security and DevSecOps

Chapter 10: Integrated CISSP Governance Scenario Labs

Chapter 11: Final Review, Endorsement, CPE, and Test-Day Strategy

CISSP Exam Details

ISC2 Certified Information Systems Security Professional (CISSP)

Exam Content Breakdown

What's Included

11 Chapters

Practice Quizzes

Free to Start

Quality Exam Prep Shouldn't Cost Hundreds

What's Next After the CISSP?

CCSP

CGRC

ISSAP

CISSP Exam FAQ

What is the current CISSP exam format?

What are the current CISSP domain weights?

What experience do I need for CISSP certification?

Does ISC2 publish a CISSP pass rate?

Can I review CISSP CAT questions after answering?

How much does the CISSP exam cost?

How do I maintain CISSP certification?

What's included for free?

Why is the content free?

Is the content up to date?

Official ISC2 Resources

More Free Resources

Ready to Start Your Free CISSP Prep?