CISSP concentrations: ISSAP, ISSEP, ISSMP
Once you hold the CISSP, ISC2 offers three concentrations to deepen one track: architecture, engineering or management. Here is who they are for and how to choose.
The three concentrations
| Concentration | Track | Target profile |
|---|---|---|
| ISSAP | Security architecture | Security architect |
| ISSEP | Security engineering | Security engineer, critical systems |
| ISSMP | Security management | CISO, program manager |
The shared prerequisite: already being a CISSP
Concentrations cannot be taken on their own: you must hold the CISSP in good standing (active certification) and have about 2 years of experience in the concentration's area. Each concentration has its own exam.
ISSAP — the architect
The ISSAP (Information Systems Security Architecture Professional) targets those who design security architectures: trust models, applied cryptography, infrastructure and access security. It's the natural next step for an architect.
ISSEP — the engineer
The ISSEP (Engineering) is for security engineering of systems, often in demanding contexts (public sector, critical systems), with a lifecycle and security-integration approach.
ISSMP — the manager
The ISSMP (Management) deepens steering: governance, security program management, crisis management and compliance. Relevant for a CISO or program lead.
Do you need a concentration?
For most candidates, the CISSP alone is enough and remains the most requested. A concentration makes sense if you want to signal a strong specialty (architecture, engineering, management) and your career clearly heads that way. Otherwise, consolidate the CISSP and aim for complementary certifications (cloud, audit).
Frequently asked questions
What are the CISSP specializations?
ISSAP (architecture), ISSEP (engineering), ISSMP (management).
Do you need the CISSP to take the ISSAP?
Yes, hold the CISSP in good standing + about 2 years of experience in the concentration.
See also: CISSP vs CISM and maintenance (CPE). CISSP®, ISSAP®, ISSEP®, ISSMP® are marks of (ISC)².