CISSP Certification Guide

CISSP certification — requirements, cost, salary & career guide

The Certified Information Systems Security Professional (CISSP) is the most recognized advanced credential in cybersecurity. This guide covers everything you need to know: the eight CISSP domains, exam cost, prerequisites, average CISSP salary, job opportunities and the realistic study path from beginner to certified.

What is the CISSP?

The CISSP is an ISC2 certification for experienced security practitioners. It validates your ability to design, implement and manage a best-in-class cybersecurity program. It is ANSI/ISO accredited and approved by the U.S. Department of Defense (DoD 8570/8140) for IAT/IAM/IASAE Level III roles.

CISSP requirements & prerequisites

  • Experience. Five years of cumulative, paid work experience in two or more of the eight CISSP domains.
  • Education waiver. A four-year degree or approved credential waives one year (down to four).
  • Associate path. Without the experience, pass the exam to become an Associate of ISC2 and earn the years within six years.
  • Endorsement. A current CISSP must endorse your application within nine months of passing.
  • Code of Ethics. Agreement to the (ISC)² Code of Ethics is mandatory.

CISSP exam cost & format

  • Exam fee: $749 USD. Globally standardized via Pearson VUE.
  • Annual maintenance: $135 USD, plus 120 CPE credits across a 3-year cycle.
  • Format: CAT, 3 hours. Computerized Adaptive Testing, 100 to 150 questions.
  • Passing score: 700 / 1000. Scaled score; no published per-domain minimum.

The 8 CISSP domains

The CISSP Common Body of Knowledge (CBK) is organized into eight domains. Each carries a different weight on the exam:

#    Domain                                       Weight
D1   Security and Risk Management                 16%
D2   Asset Security                               10%
D3   Security Architecture and Engineering        13%
D4   Communication and Network Security           13%
D5   Identity and Access Management (IAM)         13%
D6   Security Assessment and Testing              12%
D7   Security Operations                          13%
D8   Software Development Security                10%

CISSP salary & jobs

The average CISSP salary in the United States ranges from $120,000 to $165,000, with senior positions exceeding $200,000. Worldwide, the CISSP is one of the highest-paying IT certifications. Common roles include:

  • Chief Information Security Officer (CISO): $180k – $300k+
  • Security Architect: $150k – $210k
  • Information Security Manager: $130k – $180k
  • Security Consultant: $110k – $170k
  • Penetration Tester / Red Team Lead: $110k – $170k
  • Cloud Security Engineer: $130k – $190k
  • GRC / Compliance Lead: $110k – $160k
  • Incident Response Manager: $120k – $170k

CISM vs CISSP

Both are senior credentials, but they target different career paths. CISSP (ISC2) covers a broader technical and managerial body of knowledge across eight domains. CISM (ISACA) is narrower and focused on information security management and governance. Choose CISSP for hands-on security architecture, engineering and leadership; choose CISM if you're moving exclusively into security management.

CISSP career path & long-term value

The CISSP is one of the highest-ROI certifications in technology. ISC2's own workforce studies consistently show CISSP holders earning 25–35% more than comparable non-certified peers, and the credential is a near-universal filter for senior security roles at Fortune 500 companies, government contractors and global consulting firms. Beyond the salary bump, CISSP unlocks job titles that aren't easily reached without it: Security Architect, Information Security Manager, CISO, and most senior GRC roles. It is approved by the U.S. Department of Defense (DoD 8570/8140) for IAT/IAM/IASAE Level III positions, which makes it effectively mandatory for many federal and defense-contractor jobs.

The credential also travels well internationally. CISSP is recognized in over 170 countries and is ANSI/ISO 17024 accredited, which means recruiters in the UK, EU, Singapore, Australia and the Middle East all weight it the same way. For practitioners who want optionality — moving between consulting, in-house security and product security roles, or relocating across borders — few certifications offer comparable flexibility.

Maintaining the CISSP requires 120 Continuing Professional Education (CPE) credits over a three-year cycle, plus a USD 135 annual maintenance fee. CPEs are straightforward to earn through conferences, webinars, writing, podcasts and on-the-job training, and most working security professionals accumulate them naturally.

Recommended CISSP study materials

A solid CISSP study stack typically includes three things: a primary textbook (the official ISC2 CBK or the Sybex CISSP Official Study Guide by Mike Chapple and David Seidl), a quality question bank that emphasizes scenario-based reasoning over trivia, and a spaced-repetition tool for the high-yield facts (port numbers, OSI layers, encryption modes). Cipher8 covers the last two: scenario practice across all 8 domains and FSRS-scheduled flashcards for the must-memorize material. For deeper reading on specific domains, the official Sybex Practice Tests companion volume and Eleventh Hour CISSP by Eric Conrad are widely respected supplements.

Start your CISSP preparation today

Domain 1 is free forever. Train the CISSP reasoning pattern with scenario-based practice questions, FSRS spaced repetition and a personalized review queue.