Effective April 15, 2018, (ISC)2 will implement domain-related changes for the Certified Information Systems Security Professional (CISSP®) credential exam. These changes are being implemented based on the outcome of the Job Task Analysis (JTA). The JTA provides the foundation for each of (ISC)2’s examinations.
The domain names for the CISSP have changed as noted in the chart below:
| Previous CISSP Domain Name | New CISSP Domain Name |
| Domain 1: Security and Risk Management | Domain 1: Security and Risk Management |
| Domain 2: Asset Security | Domain 2: Asset Security |
| Domain 3: Security Engineering | Domain 3: Security Architecture and Engineering |
| Domain 4: Communications and Network Security | Domain 4: Communication and Network Security |
| Domain 5: Identity and Access Management | Domain 5: Identity and Access Management (IAM) |
| Domain 6: Security and Assessment Testing | Domain 6: Security Assessment and Testing |
| Domain 7: Security Operations | Domain 7: Security Operations |
| Domain 8: Software Development Security | Domain 8: Software Development Security |
|
The domain weights are as follows: |
|
| Major Domains | Weightings (Percentage) |
| Domain 1: Security and Risk Management | 15% |
| Domain 2: Asset Security | 10% |
| Domain 3: Security Architecture and Engineering | 13% |
| Domain 4: Communication and Network Security | 14% |
| Domain 5: Identity and Access Management (IAM) | 13% |
| Domain 6: Security Assessment and Testing | 12% |
| Domain 7: Security Operations | 13% |
| Domain 8: Software Development Security | 10% |
| Total | 100% |
Here is a link to the updated CISSP Exam Outline and FAQs for further clarification.
