How to pass the CISSP: the complete guide

The CISSP (Certified Information Systems Security Professional) is the leading cybersecurity certification, issued by ISC2. Passing it is more than an exam: it also requires experience, an endorsement and an ethics commitment. Here is the complete, step-by-step method to earn the certification.

1. Understand what the CISSP is

The CISSP validates breadth rather than deep specialization: candidates must reason like a security manager, balancing risk, cost and business value. The exam covers 8 domains (the CBK, Common Body of Knowledge), from risk management to software development security. Explore the 8-domain overview and their weighting.

2. Check the experience requirements

To be certified (not just to pass the exam), you must prove 5 years of cumulative, paid work experience in at least 2 of the 8 domains. Good news: one year is waived with a 4-year degree (or higher) or an ISC2-approved credential — so 4 years minimum.

No experience yet? You can still sit the exam: if you pass, you become an Associate of ISC2 with 6 years to earn the required 5 years.

3. Pass the exam

The English exam is adaptive (CAT): 100 to 150 questions in 3 hours. The passing score is 700 out of 1000. Questions are mostly scenario-based MCQs that test judgment more than raw memory. For the exact process, read our dedicated guide: the CISSP exam explained (CAT format, length, score).

4. Study the 8 domains efficiently

The CISSP is hard because of its breadth, not its technical depth. The key is structured, measured revision: one domain at a time, mnemonics to anchor the lists, and exam-style quizzes to check. That is exactly what our 8-to-12-week CISSP study plan delivers, built on the PDCA cycle. Use the per-domain courses, then validate each domain with the practice quizzes.

5. Get the endorsement

After passing, you have 9 months to have your experience attested by an existing ISC2-certified professional. With no endorser, ISC2 can act as one.

6. Agree to the code of ethics

Certification requires subscribing to the ISC2 Code of Ethics (4 canons) and answering the legal/background questions honestly at registration. An ethics breach can lead to revocation of the title.

7. Maintain the certification

The CISSP is not for life: you must earn 120 CPE credits (continuing education) over 3 years — about 40 per year — and pay the Annual Maintenance Fee (AMF). Otherwise it expires.

Mistakes to avoid

Frequently asked questions

Do you need experience to sit the CISSP?

No to sit the exam, yes to be certified. Without the 5 years, you become an Associate of ISC2 and have 6 years to earn them.

What score do you need to pass the CISSP?

700 out of 1000, on an adaptive exam of 100 to 150 questions in 3 hours.

Is the CISSP recognized worldwide?

Yes, it is the most requested cybersecurity certification in job postings internationally.

Ready to start studying?

Begin with Domain 1, the largest (16% of the exam) and the most cross-cutting.

Open Domain 1

CISSP® is a registered mark of (ISC)². This site is not affiliated with ISC2. Official details at isc2.org.