Eligibility for obtaining this certificate is twofold:
1. Passing the exam:
The exam consists of 250 multiple choice questions worth 1000 points that are to be answered in a duration of six hours. Of the 1000 points, a minimum of 700 points (70%) is required to pass this exam. The weighted value for each question varies and the distribution is not disclosed to the candidates. The exam is a written-type exam and an online test option is not offered. The (ISC)² regularly conducts the exam throughout the world. The exam schedules are available at the (ISC)² website: http://www.isc2.org.
2. Professional experience:
Subscribing to the (ISC)² code of ethics, and showing a proof of direct professional work experience of no less than four to five years in two or more security domains, as prescribed in (ISC)² CISSP Common Body of Knowledge (CBK)
Note
Those who do not have relevant experience can still appear for the CISSP exam. If they pass, (ISC)2 will award them with an Associate of (ISC)2 credential. Subsequently by gaining relevant years of experience, the candidate can show evidence and obtain the CISSP credential.
As per (ISC)2
The Associate of (ISC)² status is available to qualified candidates who:
Subscribe to the (ISC)² Code of Ethics
Pass the CISSP or SSCP certification exams based on the (ISC)² CBK, our taxonomy of information security topics.
The following information is extracted from the (ISC)² website pertaining to (ISC)² CBK .
The (ISC)² CBK is a taxonomy—a collection of topics relevant to information security professionals around the world. The (ISC)² CBK establishes a common framework of information security terms and principles, which allows information security professionals worldwide to discuss, debate, and resolve matters pertaining to the profession with a common understanding.
The (ISC)² was established in 1989, in part, to aggregate, standardize, and maintain the (ISC)² CBK for information security professionals worldwide.
Domains from the (ISC)² credentials are drawn from various topics within the (ISC)² CBK. The (ISC)² uses the CBK to assess a candidate's level of mastery of the most critical domains of information security.
The (ISC)² CBK, from which the (ISC)² credentials are drawn, is updated annually by the (ISC)² CBK Committee to reflect the most current and relevant topics required to practice the profession of information security.