2021 CISSP Exam Changes – Everything You Need To Know


As part of (ISC)2's efforts to maintain market relevance for the certifications it offers and align with the latest knowledge and best practices, the organisation has announced that it will be making specific changes to the CISSP (Certified Information Systems Security Professional) certification exam.

At BridgingMinds, we hope to better prepare every student for the revisions being made. If you are one of those impacted by this change, read on and learn more about the upcoming alterations and what you can expect from the latest exam.

What you need to know about the changes

(ISC)2 has announced that the updated version of the exam will be in effect from 1 May 2021. It is understandable to be wary of the changes, especially after spending the last few months preparing diligently for this test.

You will be glad to know that the impact of the various modifications is relatively minor aside from specific domain weightage changes and rewording of topics, which we will further explore in this article. The necessary experience you need to qualify for the CISSP exam has not changed even after the revisions.

What are the changes being made?

The changes being made to the 2021 iteration of the CISSP exam reflect the most critical problems cybersecurity specialists face today. The hope is that these latest revisions will precisely capture the essential skills a cybersecurity expert requires to thrive in this field.

1. Changes to the guidelines

A glance at the Certification Exam Outline released by (ISC)2 reveals the addition of several new topics to the various sub-domains, except domains 6 and 8. However, there is no need for concern as some of these topics have already been detailed in past materials. The remainder of the new topics should be recognisable to many IT professionals working in the cybersecurity field.

There are also slight alterations to existing topics and the removal of specific subjects. Let us break down the new guidelines and examine the recent changes being made to each of the sub-domains:

  • Changes made to domain 1
    • Added new topic “Understanding and applying security concepts”.
    • Topic “Understanding requirements for investigation types” has been removed from domain 7 and added to domain 1.
    • “Apply risk-based management concepts to supply chain” has been reworded to “Apply Supply Chain Risk Management (SCRM) concepts”.
  • Changes made to domain 2
    • Added new topic “Manage data lifecycle”.
    • Added a compliance component to the topic “Determine data security controls”.
    • Topic “Provision resources securely” has been removed from domain 7 and added to domain 2.
    • Removed topic “Protect privacy”.
  • Changes made to domain 3
    • Added new topic “Select and determine cryptographic solutions”.
    • Added new topic “Understand methods of cryptanalytic attacks”.
    • Added a research component to the topic “Implement and manage engineering processes using secure design principles”.
    • Removed topic “Apply cryptography”.
    • Removed topic “Assess and mitigate vulnerabilities in web-based systems”.
    • Removed topic “Assess and mitigate vulnerabilities in mobile systems”.
    • Removed topic “Assess and mitigate vulnerabilities in embedded devices”.
  • Changes made to domain 4
    • Added an assessment component to the topic “Implement secure design principles in network architectures”.
  • Changes made to domain 5
    • Added new topic “Implement authentication system”.
    • “Integrate identity as a third-party service” has been reworded to “Federated identity with a third-party service”.
  • Changes made to domain 7
    • Added new topic “Perform Configuration Management”.
    • “Understand and support investigations” has been reworded to “Understand and comply with investigations”.
    • Topic “Understanding requirements for investigation types” has been removed from domain 7 and added to domain 1.
    • Topic “Provision resources securely” has been removed from domain 7 and added to domain 2.

Despite the notable absence of several topics in this latest edition of the CISSP exam, it is vital to note that they are removed to avoid repetition. You can still find similar subjects elsewhere in the study material. These particular topics can still crop up in the exam despite their absence.

2. Domain weightage changes

In addition to the various changes made to the sub-domains, there has also been a weightage change in two of the eight domains. We have broken down the alterations in the table below for easy consumption:

| Domains | Current weightage | Weightage as of 1 May 2021 |
|---|---|---|
| Security and Risk Management | 15% | 15% |
| Asset Security | 10% | 10% |
| Security Architecture and Engineering | 13% | 13% |
| Communication and Network Security | 14% | 13% |
| Identity and Access Management | 13% | 13% |
| Security Assessment and Testing | 12% | 12% |
| Security Operations | 13% | 13% |
| Software Development Security | 10% | 11% |
| Total: | 100% | 100% |


The changes detailed here are by no means exhaustive. It is best to maintain your diligence and continue your revision of the study material. If you remain concerned about the modifications made to the guidelines, we recommend you sign up for our latest CISSP training course.

At BridgingMinds, our instructors have been briefed on the newest changes. Allow them to guide you through the revised modules so that you can ace your CISSP certification exam. Our new classes start in May 2021, so hurry and sign up now while there are still slots available.

You may also wish to consider our agile courses to complement the skills you learn in your CISSP classes. With the IT industry’s greater emphasis on agile practices, an agile certification will significantly enhance your resume.

