
CISSP

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: CISSP
Issuer: (ISC)²
Type: Professional certification
Established: 1994
Prerequisite: Five years of cumulative paid work experience in two or more of the eight domains of the (ISC)² CBK


The CISSP is a professional certification for information security practitioners administered by (ISC)². Established in 1994, the credential is tied to a Common Body of Knowledge originally influenced by standards and frameworks such as ISO/IEC 27001, NIST, FISMA, PCI DSS, and COBIT. CISSP holders often work alongside organizations like Microsoft, Amazon, Google, IBM, Cisco Systems and advise institutions including World Bank, United Nations, NATO, and Interpol.

Overview

CISSP is managed by (ISC)², an organization founded by security professionals associated with groups such as Information Systems Security Association, ISACA, SANS Institute, and contributors from agencies like the National Security Agency and Department of Defense. The certification program references professional standards such as ISO/IEC 27002, NIST SP 800-53, NIST SP 800-37, FIPS, and regional laws like the Privacy Act of 1974, GDPR, and HIPAA in curriculum context. Training and preparatory resources are produced by publishers and institutions including O'Reilly Media, Wiley, McGraw-Hill Education, Pluralsight, Coursera, Udemy, and universities like Stanford University, Massachusetts Institute of Technology, and Carnegie Mellon University.

Certification Domains

The CISSP Common Body of Knowledge (CBK) is organized into eight domains used in examinations and practice. These domains map to subject areas referenced across standards and vendor technologies such as AWS, Azure, Google Cloud Platform, and Oracle. References and topics include cryptographic standards like AES, RSA, and Elliptic Curve Cryptography, protocols like TLS, IPsec, and SSH, architectures such as TOGAF, and governance models exemplified by COBIT 5 and ITIL. Legal and compliance content draws on statutes and directives including the Sarbanes–Oxley Act, the Computer Fraud and Abuse Act, and the NIS Directive. Incident response and forensics sections intersect with tools and methods used by entities such as the FBI, Europol, and CERT/CC, and by vendors like Mandiant, CrowdStrike, and FireEye.

Eligibility and Examination

Candidates must demonstrate experience consistent with criteria influenced by professional pathways exemplified by roles at Accenture, Deloitte, KPMG, Ernst & Young, and PwC. Examination formats and delivery have been shaped by testing providers such as Pearson VUE, and by test security concerns linked to incidents involving ETS and other assessment organizations. The CBK and exams reference academic programs and research from institutions such as Harvard University, Yale University, the University of Oxford, and the University of Cambridge when discussing theoretical foundations. Certification processes include endorsement by existing members, background checks akin to FBI name checks, and adherence to an (ISC)² Code of Ethics influenced by the professional codes of the IEEE and ACM.

Maintenance and Continuing Professional Education

Maintaining CISSP requires ongoing Continuing Professional Education (CPE) credits through activities recognized by (ISC)² and similar to professional development frameworks at CompTIA, ISACA, SANS Institute, and CISM programs. CPE activities frequently include conferences and events such as RSA Conference, Black Hat, DEF CON, BlueHat, InfoSec World, and ShmooCon; academic coursework at institutions like Georgia Institute of Technology; vendor training by companies such as Symantec, Palo Alto Networks, Fortinet, and Trend Micro; and publication in outlets including IEEE Xplore, ACM Digital Library, Wiley Online Library, and SpringerLink.

Industry Recognition and Career Impact

CISSP is cited by employers, government agencies, and professional services firms when specifying qualifications for roles at Goldman Sachs, JPMorgan Chase, Bank of America, Citigroup, and HSBC. Many public sector positions reference CISSP in hiring criteria across agencies such as Department of Homeland Security, GCHQ, Australian Signals Directorate, Canadian Centre for Cyber Security, and European Union Agency for Cybersecurity. Career outcomes reported by alumni networks and industry surveys link CISSP to roles like Chief Information Security Officer at corporations including Apple Inc., Tesla, Intel, and consultancies such as Booz Allen Hamilton and Leidos. Professional recognition overlaps with other credentials like CISM, CompTIA Security+, CEH, OSCP, CCSP, AWS Certified Security, and academic degrees from institutions like Columbia University and New York University.

Criticisms and Controversies

Critiques of CISSP mirror debates in professional certification fields involving organizations like Educational Testing Service and topics discussed at conferences such as DEF CON and RSA Conference. Concerns include test commercialization issues raised in contexts mentioning Pearson VUE and credential inflation debated in reports from Gartner and Forrester Research. Other controversies reference comparisons with vendor certifications from Cisco, Microsoft Certified programs, and open-source community perspectives voiced by contributors to Linux Foundation and GitHub. Legal and regulatory disputes have intersected with privacy and standardization debates involving entities such as European Commission and national legislators in United States Congress and UK Parliament.

Category:Information security certifications