CISSP requirements: experience needed and waivers

Before aiming for the CISSP, one question always comes up: do I have the required experience? Here are the official requirements in detail, what actually counts, and the waivers that can save you a year.

The base rule: 5 years across 2 domains

To be certified, you must prove 5 years of cumulative, paid, full-time work experience in at least 2 of the 8 domains of the CBK. Experience can be spread over time: it's the cumulative years that count, not one continuous period.

The one-year waiver (then 4 years is enough)

One year can be waived, with either:

With one of these waivers, only 4 years of experience remain. You cannot stack two waivers.

What counts as experience

No experience yet? The Associate path

You can still sit the exam: if you pass, you become an Associate of ISC2 with 6 years to earn the required 5 years. See our guide CISSP without experience (Associate).

After the exam: the endorsement

Your declared experience must be attested by an ISC2-certified member (endorsement) within 9 months of passing. Prepare a clear, dated résumé highlighting your activities per domain: it eases the endorsement and any audit.

Frequently asked questions

What experience do you need for the CISSP?

5 years in at least 2 of the 8 domains (4 years with a 4-year degree or an approved credential).

Do part-time work and internships count?

Yes: part-time prorated, internships if documented and tied to the domains.

Can you take the CISSP without experience?

Yes, via Associate of ISC2 status, with 6 years to gather the experience.

Requirements met? Time to study

Follow the complete method to earn the certification.

How to pass the CISSP

See also: CISSP without experience and the study plan. Official details at isc2.org.