Official 2026 CC Exam Facts and Timeline

What the CC Credential Is

The ISC2 Certified in Cybersecurity (CC) is the entry-level certification from ISC2 (the International Information System Security Certification Consortium), the same body that issues the CISSP. CC has no work-experience prerequisite — that is what makes it a true on-ramp. But entry-level does not mean vocabulary-only. The exam expects you to recognize the security objective in a workplace scenario, pick a reasonable first action, and avoid risky shortcuts such as deleting evidence or disabling a control for convenience.

A strong CC candidate can explain, in plain language, why confidentiality, integrity, availability, access control, incident response, and routine operations matter to an ordinary employee or junior analyst. The exam is judgment-first, not trivia-first.

Verified Current Exam Facts

The facts below are confirmed against ISC2 and Pearson VUE sources for the 2026 testing cycle. Memorize the dated items — they appear on exam-fact questions and they drive your scheduling decisions.

Why 700 Is Not 70 Percent

Do not convert the 700 out of 1000 passing standard into a raw "answer 70 of 100 questions" target. The 1000-point scale is a scaled score, not a percentage of items. Because CAT serves harder items as you answer correctly, a candidate who answers fewer total items can still clear 700 if those items were difficult, while a candidate who breezed through easy items may fall short. Two people can both "get 70 right" and receive different scaled scores. Chase consistent correct judgment, not a guessed percentage.

Likewise, treat informal pass-rate figures (you will see claims of 70 percent, 88 percent, 94 percent, and so on) as marketing, not study targets. ISC2 does not publish an official CC pass rate, and no rumored number changes the domains you must master.

The Fee and the AMF Trap

The US$199 figure is the exam-attempt fee. A common surprise is the separate US$50 Annual Maintenance Fee that you pay to ISC2 each year after you certify, along with earning Continuing Professional Education (CPE) credits — 45 CPEs over the three-year cycle for CC. If you take the exam through a free One Million Certified in Cybersecurity (1MCC) code, the exam attempt is free, but the AMF still applies once you are certified.

Public 1MCC Enrollment Cutoff

ISC2 announced that public enrollment in the One Million Certified in Cybersecurity (1MCC) program ends May 20, 2026. The scheduling detail that matters: unexpired 1MCC codes can still be used to schedule and sit the exam through December 31, 2026. If you hold a code, treat it as an expiring asset — confirm the expiration in your ISC2 account, book early to absorb testing-center scarcity, and leave slack for rescheduling.

How CC Differs From the CISSP and Security+

Candidates often arrive confused about where CC sits among popular certifications, and that confusion wastes study time on the wrong depth. Keep these distinctions straight:

• CC vs. CISSP: CISSP requires five years of paid, full-time security experience and tests deep architecture, governance, and engineering across eight domains in a longer adaptive exam. CC has no experience requirement and tests beginner recognition across five domains. Do not study CC at CISSP depth — you will over-prepare on theory and under-prepare on plain-language judgment.
• CC vs. CompTIA Security+: Security+ is vendor-neutral like CC but goes deeper on hands-on tools, cryptography mechanics, and threat detail, with performance-based simulations. CC stays conceptual. If you have Security+, CC will feel light; if CC is your first cert, do not assume Security+ material maps one-to-one.
• CC vs. SSCP: The Systems Security Certified Practitioner sits one tier above CC and assumes operational hands-on work. CC is the on-ramp to that path.

The takeaway: anchor your effort to the five published CC domains and beginner judgment, not to harder credentials' syllabi. Borrowing a CISSP study guide for a CC exam is a classic time sink.

Scenario: Picking a Date Around the Outline Change

A candidate who starts studying May 1, 2026 with a valid 1MCC code and wants a late-August seat fits cleanly inside the October-2025 outline window and tests before the September-1 change. A candidate starting in July aiming for a November seat will sit under the new September-2026 outline, so domain wording and emphasis may shift — that person must confirm which outline applies before locking a final review. The concepts do not vanish; only the emphasis and phrasing move. Use the dated facts above as guardrails, build the plan around outline dates and domain weights, and ignore hearsay.

One more logistics note candidates miss: ISC2 currently delivers the CC exam only in person at a Pearson VUE testing center — it does not offer online (at-home) proctoring for CC, so do not plan around a webcam option. You must present a valid, government-issued photo ID whose name exactly matches your ISC2 registration, arrive at the center at least 15 minutes early, and bring no personal notes or devices into the testing area (you will use a locker for personal items). Mismatched names and late arrivals are the most common avoidable reasons candidates are turned away, so verify your profile spelling the day you book.