The 8 CISSP domains explained

The CISSP® (Certified Information Systems Security Professional) qualification is one of the most respected certifications in the information security industry, demonstrating an advanced knowledge of cyber security.

We recently discussed the benefits of becoming a CISSP. Now, we turn our attention to the structure of the qualification itself and the domains within it.

(ISC)², which developed and maintains the CISSP qualification, updated the structure of the certificate in 2015, moving from ten domains to eight.

We’ll begin by listing the eight domains, and then go on to explain each one in more detail.


What are the 8 CISSP domains?

CISSP is broken into 8 domains that cover the main aspects of information security. Anyone looking to become a CISSP must show their expertise in each of the domains in order to achieve certification.

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security