We are excited to have more than 130,000 individuals become (ISC)² Candidates since launching in September 2022. Many of them will go on to earn their Certified in Cybersecurity (CC) as part of our One Million Certified in Cybersecurity pledge.

For those new to (ISC)², or those who’ve had their sights set on their CISSP for years now, you may not be sure exactly how you become (ISC)²-certified. Your certification is more than a single exam. There are three steps to earn your (ISC)² certification:

Step 1: Pass your exam

Step 2: Submit your certification application

Step 3: Pay your first Annual Maintenance Fee (AMF)

Let’s dive in …

Step 1: Pass your exam

Which exam to take depends on your goals, and where you personally are in your cybersecurity career. You can use our Qualification Pathfinder to help chart your course: https://www.isc2.org/Certifications/Qualification-Pathfinder

Once you select the certification you want to earn, you will sit for your exam at a Pearson VUE test center. Register for your exam with Pearson VUE with the same email address as your isc2.org account. If you pass, you will receive a letter informing you of your provisional results and inviting you to the next step …

Step 2: Submit your certification application

If you’ve passed the CC exam, your certification application is quite simple. You will agree to the (ISC)² privacy policy, and then affirm your commitment to abide by the (ISC)² Code of Ethics. This code is a cornerstone of our association and all members – and (ISC)² Candidates – must agree to uphold the cannons themselves, as well as report anyone who violates the code.

If your certification has an experience requirement – for example, the CISSP requires five years of paid relevant work experience in two of the eight domains of the certification – then you will also provide evidence of this in your certification application. This step is where another (ISC)²-certified member will endorse your experience and affirm your good standing in the industry. If you don’t know another (ISC)²-ceritifed member to do this, you can provide your work experience (with proof via tax returns, letters from supervisors, letterhead documentation, etc.) and (ISC)² will review and the association itself will serve as your endorser. If you do not have the required experience needed to earn full certification status, you will become an Associate of (ISC)² and will be able to pursue your paid experience.

Step 3: Pay your first Annual Maintenance Fee (AMF)

As soon as your certification application has been approved, you will be notified via email and invited to pay your first Annual Maintenance Fee, known as your AMF. AMFs are used by (ISC)² to support the costs of maintaining the certifications and their related support systems.

If you earn the CC, or if you become an Associate of (ISC)², your AMF is U.S. $50 each year. If you earn the CISSP, CCSP, SSCP, CSSLP, CGRC or HCISPP, your AMF is U.S. $125 each year. If you are earning an additional certification (which includes the CISSP concentrations: CISSP-ISSAP, CISSP-ISSEP or CISSP-ISSMP) you will not have to pay additional AMFs beyond the one $125 payment each year.

What’s next?

Once you’re certified, you’ll get an invitation to claim your badge from Credly. This digital badge is a signifier of your accomplishment and is an easy way for you to display your credential online. You can use your badge on social media, in an email signature or on a website. When viewers click on it, they will see the knowledge, skills and abilities required to earn that credential, as well as the date that it was earned. Beyond your digital badge, you’ll receive a digital certificate to print or share online.

You’ll also have access to a variety of benefits including discounts on industry events, free online on-demand courses to support your professional development, access to a global network of professionals, such as in our online Community, to support your career growth and so much more. Stay in the know by following us on LinkedIn, Twitter and Facebook . Update your communication preferences; and subscribe to our newsletters to receive important announcements.

As practitioners know all too well, it is paramount to remain up to date with the changing landscape of cybersecurity. We regularly conduct Job Task Analysis (JTA) studies to review exam content and outlines to ensure the accuracy, relevance and excellence of all (ISC)² exams.  

The Certified in Governance, Risk and Compliance (CGRC), formerly known as the Certified Authorization Professional (CAP) exam, was last refreshed in 2021. The certification is undergoing a name change to more accurately reflect the knowledge, skills and abilities required to earn and maintain this certification. As part of our regular updates to exams, it is now time to refresh the (ISC)² CGRC exam to better align with best governance, risk and compliance professional practices.  

We will begin the CGRC revision process with a JTA Study Workshop tentatively scheduled for February 13-15, 2023. We are asking that anyone who currently holds the CGRC (aka CAP) review the CGRC Exam Outline and consider the following questions:  

1. Do you believe that the current CGRC exam outline adequately covers the existing and emerging cybersecurity techniques and threats CGRC practitioners are facing in their jobs today? 
2. If not, what sort of topics/content should be added to the CGRC exam outline? 
3. What content currently on the CGRC exam outline is no longer relevant to today’s professionals? 

Please send your answers to these questions to CGRCJTA@isc2.org no later than January 30, 2023. Please include your ID # in your email. Your comments will be compiled and presented to the JTA Committee for further review.  

Be sure to submit this exercise via the CPE portal so that you can earn credit for participating in this essential activity. Thank you for your invaluable insights and help!  

With more than 150,000 CISSPs around the world, some of you have asked – what's the next step? For many of you, that next step is one of the CISSP concentrations focused on security architecture, engineering or management.

The CISSP-ISSAP exam was last updated in October 2020, which means we are beginning the process of a refresh again. (ISC)² is holding a Job Task Analysis (JTA) Study Workshop (tentatively scheduled for February 6-8), we are asking those who hold this (or any) CISSP concentration to review the current CISSP-ISSAP Exam Outline and let us know the following:

1. Do you believe that the current CISSP-ISSAP exam outline adequately covers the existing and emerging cybersecurity techniques and threats CISSP-ISSAP practitioners are facing in their jobs today?
2. If not, what sort of topics/content should be added to the CISSP-ISSAP exam outline?
3. What content currently on the CISSP-ISSAP exam outline is no longer relevant to today’s professionals?

Please send your answers to these questions to ISSAPJTA@isc2.org no later than January 23, 2023. Please include your ID # in your email. Your comments will be compiled and presented to the JTA Committee for further review.

Be sure to submit this exercise via the CPE portal so that you can earn credit for participating in this essential activity. Thank you for your invaluable insights and help!