CCSP exam and CBK changes in August 2022

Fakhar Imam
August 12, 2022 by
Fakhar Imam

The International Information System Security Certification Consortium or ISC2, introduced changes to its certified cloud security professional (CCSP) certification on August 1, 2022. This is the second update since its inception in 2015. The purpose of these enhancements is to better align CCSP domains with the latest changes in cloud security and the newest trends in cloud computing technologies and methodologies, including emerging, fast and sophisticated threats.

This article explores the changes to the domains covered by the CCSP certification exam. They are closely related to the roles and responsibilities of today’s practicing cloud security professionals. They are drawn from various topics in the updated ISC2 CCSP common body of knowledge (CBK), a comprehensive framework of information security terms, principles, skills and techniques that a competent professional must know and use.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

By reviewing the new topics covered by the exam, you will be able to identify areas of study that may need additional attention if you want to pass the test on the first attempt.

What changes are made to CCSP domains and their weight?

As a result of the CCSP domain refresh on August 1, 2022, it might seem that only a minor adjustment from the 2019 version was made: a 1% change in the weights for Domain 2: Cloud data security and Domain 5: Cloud security operations. All other domain weights are identical.

Major Domains August 2019  August 2022

Domain 1: Cloud concepts, architecture and design 17% 17%

Domain 2: Cloud data security 19% 20%

Domain 3: Cloud platform and infrastructure security 17% 17%

Domain 4: Cloud application security 17% 17%

Domain 5: Cloud security operations 17% 16%

Domain 6: Legal, risk and compliance 13% 13%

Total 100% 100%


However, in reality, new cloud security concepts have been added, and some content has been removed from the CCSP CBK. All domains have been updated or realigned to test the knowledge and hands-on experience in cloud security architecture, design, operations and service orchestration that today’s professionals need.

Skills covered in each of the CCSP domains

In each of the six CCSP domains, you’ll find critical topics you should know. These are areas you need to study before getting tested. So, go over the modules, as they highlight critical information, to become familiar with and pass the exam for certification.

CCSP Domain 1, Cloud concepts, architecture and design is an overview of cloud computing concepts, models (services and deployments) and principles.

1.1 Understand cloud computing concepts

1.2 Describe cloud reference architecture

1.3 Understand security concepts relevant to cloud computing

1.4 Understand design principles of secure cloud computing

1.5 Evaluate cloud service providers

CCSP Domain 2, Cloud data security is an overview of data classification and categorization, data lifecycle stages, data retention and auditing.

2.1 Describe cloud data concepts

2.2 Design and implement cloud data storage architectures

2.3 Design and apply data security technologies and strategies

2.4 Implement data discovery

2.5 Plan and implement data classification

2.6 Design and implement information rights management (IRM)

2.7 Plan and implement data retention, deletion and archiving policies

2.8 Design and implement auditability, traceability and accountability of data events

CCSP Domain 3, Cloud platform and infrastructure security requires a baseline knowledge of cloud security strategies, risks and responsibilities, and storage, as well as a business continuity program.

3.1 Comprehend cloud infrastructure and platform components

3.2 Design a secure data center

3.3 Analyze risks associated with cloud infrastructure and platforms

3.4 Plan and implementation of security controls

3.5 Plan business continuity (BC) and disaster recovery (DR)

CCSP Domain 4, Cloud application security is an overview of the software development lifecycle, testing, architecture and auditing of cloud services.

4.1 Advocate training and awareness for application security

4.2 Describe the secure software development life cycle (SDLC) process

4.3 Apply the secure software development life cycle (SDLC)

4.4 Apply cloud software assurance and validation

4.5 Use verified secure software

4.6 Comprehend the specifics of cloud application architecture

4.7 Design appropriate identity and access management (IAM) solutions

CCSP Domain 5, Cloud security operations includes ways of achieving data center high availability through redundancy, capacity/maintenance monitoring, risk management and change/configuration monitoring. It also covers data center redundancy and standards.

5.1 Build and implement physical and logical infrastructure for cloud environment

5.2 Operate and maintain physical and logical infrastructure for cloud environment

5.3 Implement operational controls and standards [e.g., information technology infrastructure library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)

5.4 Support digital forensics

5.5 Manage communication with relevant parties

5.6 Manage security operations

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

CCSP Domain 6, Legal, risk and compliance covers the laws, regulations and standards for the protection of data in cloud computing.

6.1 Articulate legal requirements and unique risks within the cloud environment

6.2 Understand privacy issues

6.3 Understand audit process, methodologies, and required adaptations for a cloud environment

6.4 Understand implications of cloud to enterprise risk management

6.5 Understand outsourcing and cloud contract design

Comparison of old and new exams

Effective 1 August 2022, the CCSP exam increased from 100 operational items with 25 pretest (unscored) items to 100 operational items with 50 pretest items. As a result, the exam time increased from three to four hours. 

Exam format CCSP old exam CCSP new exam

Length of the exam 3 hrs. 4 hrs.

Number of questions 125 150

Type of questions Multiple choice Multiple choice

Passing score 700 points out of 1000 700 points out of 1000


The refreshed CCSP exam costs U.S. $599 and is available in English, Chinese, German, Japanese, Korean and Spanish. Pearson VUE administers tests.

Can I appear for the refreshed CCSP exam with old CCSP material?

Yes, you can take the exam if you already have studied the previous CCSP CBK and have current experience in the field. Nevertheless, ISC2 cannot guarantee that you will pass the exam merely using old material. To be safe, you should look for updated material and courses based on the latest exam content outline to avoid risking failure on test day.

How do I prepare for the new CCSP exam?

First, you must thoroughly examine the new topics and pay special attention to the recent CCSP CBK because it represents the most up-to-date concepts for the upcoming exam. 

Devise a learning path that covers in-depth all cloud security knowledge topics covered by the domains and also focuses on those areas in which you feel less versed. Make full use of available CCSP updated training courses and options listed below.

Study resources

Begin by checking out the ISC2 self-study resources webpage, where you can get 50% off official training aids as a member benefit. These options allow CCSP exam candidates to learn at their own pace using traditional textbooks and more contemporary tools, such as interactive flashcards and study apps.

Below are some CCSP instructional materials to help you do better on exam day: 

  • Official ISC2 CCSP Study Guide, 2nd Edition
  • Official ISC2 CCSP CBK Reference, 3rd Edition
  • Official ISC2 CCSP Practice Tests, 2nd Edition

Community discussion

The ISC2 Community features a CCSP study group. Its discussion threads are created by users who are preparing for the exam or have recently passed the test.

The TechExams’ community forum is another group where certification-seekers and -holders can share general information on the exam topics.

Appropriate training

The official ISC2 CCSP training course will help students review and refresh their knowledge and identify areas they need to study. In addition, the ISC2 official CCSP CBK training seminar can help professionals measure their competence against a globally recognized body of knowledge.

ISC2 training partners and reputable accredited training providers are also excellent options because they deliver the most relevant, up-to-date course content in various formats to better fit the needs and preferences of students. Online boot camp-style options, for example, provide direct access to an instructor in a condensed format that concentrates live learning into a very limited number of days while giving longer-term access to online resources to fine-tune preparation. 

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

Updates to the CCSP exam and CBK changes

As securing cloud services remains a challenge, those who meet the certification requirements for the CCSP vendor-neutral credential offered by the ISC2 are sought out by employers for their knowledge and experience of cloud security architecture, design, operations and service orchestration, which this credential certifies. 

Preparation is key to grasping the six domains and numerous subdomains and earning one of the most advanced cloud security certifications available today.

For more on the CCSP certification, check out our CCSP certification hub.


Fakhar Imam
Fakhar Imam

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.